Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hjt log. bankerfox.a virus


  • This topic is locked This topic is locked
44 replies to this topic

#1 yoyosmuggler

yoyosmuggler

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:lousyana
  • Local time:02:05 PM

Posted 21 December 2010 - 03:43 AM

I noticed the other day when i was on the net that all of a sudden i couldn't open any pages and just before that sun java started up. i had let my antivirus run out a few days before this. then after a while a virus scanner poped up (i think it's name was just virus scanner)and i imeadiately stopped it. then a pop up that said bankerfox.a trojan was infecting my comp and i need to buy their software (scamware).

ran spybot s&d then nod32 nothing showed up. restarted in safe mode ran those again found a few things with s&d. im just worried that someone could get my passwords. i saw a post somewhere that it was a keylogger.

windows 7
toshiba satellite a505
bestbuy wiped it clean before i bought it and did a bunch of tweeks
i use nod32
i use slim browser and never any other browser.

hjt log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:51:25 AM, on 12/21/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\SlimBrowser\sbrowser.exe
C:\Users\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59274
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Speech Recognition] "C:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: lxbt_device - - C:\windows\system32\lxbtcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12205 bytes

===================================================================================================

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Owner at 15:28:48.12 on Tue 12/21/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3959.1670 [GMT -6:00]

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\nvvsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Edited by yoyosmuggler, 21 December 2010 - 04:48 PM.

  • Operating System
    win 7 64 SP1
  • Antivirus Software
    ESET
  • Firewall
    built in
  • Computer
    Personal laptop
  • CPU
    Intel Core I5-2430M CPU @ 240 GHz
  • Motherboard
    ASUS. the one that came with it
  • Ram
    6.00 GB
  • Storage
    Hitachi HTS547564A9E384 - 571GB
  • Video Card
    don't know
  • Soundcard
    don't know
  • Power Supply
    Microsoft AC adapter
  • Case
    ASUS U56E

BC AdBot (Login to Remove)

 


#2 yoyosmuggler

yoyosmuggler
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:lousyana
  • Local time:02:05 PM

Posted 21 December 2010 - 01:18 PM

not sure if i poster this in the wrong spot or in the wrong way. i just havent gotten any replies. gonna try the training program for now i guess. edit: just read the full terms so i need 18 more posts to get into the training program.

Edited by yoyosmuggler, 21 December 2010 - 01:22 PM.

  • Operating System
    win 7 64 SP1
  • Antivirus Software
    ESET
  • Firewall
    built in
  • Computer
    Personal laptop
  • CPU
    Intel Core I5-2430M CPU @ 240 GHz
  • Motherboard
    ASUS. the one that came with it
  • Ram
    6.00 GB
  • Storage
    Hitachi HTS547564A9E384 - 571GB
  • Video Card
    don't know
  • Soundcard
    don't know
  • Power Supply
    Microsoft AC adapter
  • Case
    ASUS U56E

#3 yoyosmuggler

yoyosmuggler
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:lousyana
  • Local time:02:05 PM

Posted 21 December 2010 - 05:15 PM

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-21 16:10:34
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6D 0xF4 0x74 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF1 0x84 0x83 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x47 0xCF 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6D 0xF4 0x74 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF1 0x84 0x83 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x47 0xCF 0xFE ...

---- EOF - GMER 1.0.15 ----
  • Operating System
    win 7 64 SP1
  • Antivirus Software
    ESET
  • Firewall
    built in
  • Computer
    Personal laptop
  • CPU
    Intel Core I5-2430M CPU @ 240 GHz
  • Motherboard
    ASUS. the one that came with it
  • Ram
    6.00 GB
  • Storage
    Hitachi HTS547564A9E384 - 571GB
  • Video Card
    don't know
  • Soundcard
    don't know
  • Power Supply
    Microsoft AC adapter
  • Case
    ASUS U56E

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,644 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:05 PM

Posted 30 December 2010 - 06:25 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#5 yoyosmuggler

yoyosmuggler
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:lousyana
  • Local time:02:05 PM

Posted 01 January 2011 - 03:42 PM

i had some help in another forum but things still dont seem right. link to other forum My link

i installed these suggested programs from them

•A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
•SpywareBlaster to help prevent spyware from installing in the first place.
•MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

my browser is super slow now

otl list:

OTL logfile created on: 1/1/2011 2:34:12 PM - Run 1
OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\Owner\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): c:\pagefile.sys 3000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.89 Gb Total Space | 15.24 Gb Free Space | 3.36% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/01 14:33:37 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/11/22 15:59:58 | 002,649,912 | ---- | M] (FlashPeak, Inc.) -- C:\Program Files (x86)\SlimBrowser\sbrowser.exe
PRC - [2010/11/04 21:04:18 | 006,174,008 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 15:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe


========== Modules (SafeList) ==========

MOD - [2011/01/01 14:33:37 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/10 15:54:54 | 000,824,688 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/11/05 11:19:12 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/29 16:14:02 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/10/21 11:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/09/28 16:46:02 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/02/06 13:27:10 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2007/05/03 03:49:48 | 000,566,704 | ---- | M] ( ) [On_Demand | Stopped] -- C:\windows\SysNative\lxbtcoms.exe -- (lxbt_device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/27 22:12:14 | 000,252,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/03 03:48:52 | 000,537,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\windows\SysWow64\lxbtcoms.exe -- (lxbt_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/02/18 00:18:46 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/28 08:25:02 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/10/15 22:11:26 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/09 20:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/02 14:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/28 20:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/07/04 21:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 10:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/06/29 18:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 12:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/06 13:24:50 | 000,120,128 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/02/06 13:23:20 | 000,132,464 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/02/06 13:19:56 | 000,141,728 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2009/05/25 14:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2065895991-1931443753-1871106541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2065895991-1931443753-1871106541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2065895991-1931443753-1871106541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-2065895991-1931443753-1871106541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/04/01 11:37:45 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/12/29 18:53:00 | 001,045,679 | R--- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 31039 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2065895991-1931443753-1871106541-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [LXBTCATS] C:\windows\SysNative\spool\DRIVERS\x64\3\LXBTtime.DLL ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2065895991-1931443753-1871106541-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = C:\Program Files (x86)\Best Buy Software Installer\Best Buy Software Installer.exe File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = C:\Program Files (x86)\Best Buy Software Installer\Best Buy Software Installer.exe File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = C:\Program Files (x86)\Best Buy Software Installer\Best Buy Software Installer.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2065895991-1931443753-1871106541-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2065895991-1931443753-1871106541-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2065895991-1931443753-1871106541-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/01 14:33:17 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/12/29 18:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/12/29 17:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2010/12/29 17:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2010/12/29 17:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2010/12/29 17:01:41 | 000,000,000 | ---D | C] -- C:\windows\en
[2010/12/29 16:59:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2010/12/29 16:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2010/12/29 16:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/12/29 16:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010/12/29 16:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/12/29 16:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/12/29 16:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2010/12/29 16:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/12/29 16:46:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/29 16:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/12/29 16:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/28 15:33:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2010/12/28 15:33:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/28 15:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/28 15:33:00 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2010/12/28 15:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/12/28 14:58:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/26 15:50:04 | 000,000,000 | ---D | C] -- C:\windows\temp
[2010/12/26 15:44:15 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/12/23 11:29:35 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\windows\SysNative\drivers\pavboot64.sys
[2010/12/23 11:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2010/12/21 19:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/12/21 19:34:19 | 000,000,000 | ---D | C] -- C:\windows\BDOSCAN8
[2010/02/22 14:01:35 | 001,224,704 | ---- | C] ( ) -- C:\windows\SysWow64\lxbtserv.dll
[2010/02/22 14:01:35 | 000,995,328 | ---- | C] ( ) -- C:\windows\SysWow64\lxbtusb1.dll
[2010/02/22 14:01:35 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxbtpmui.dll
[2010/02/22 14:01:35 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxbtinpa.dll
[2010/02/22 14:01:35 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\lxbtiesc.dll
[2010/02/22 14:01:35 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\lxbtprox.dll
[2010/02/22 14:01:34 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\lxbthbn3.dll
[2010/02/22 14:01:34 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxbtcomc.dll
[2010/02/22 14:01:34 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\lxbtlmpm.dll
[2010/02/22 14:01:34 | 000,421,888 | ---- | C] ( ) -- C:\windows\SysWow64\lxbtcomm.dll
[2010/02/22 14:01:34 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\lxbtpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/01/01 14:33:37 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/01/01 14:30:47 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2065895991-1931443753-1871106541-1000UA.job
[2011/01/01 14:30:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/01/01 14:30:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2065895991-1931443753-1871106541-1000Core.job
[2010/12/31 15:44:29 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2010/12/31 15:44:29 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2010/12/31 15:44:28 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2010/12/29 19:28:59 | 000,019,776 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/29 19:28:59 | 000,019,776 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/29 19:20:29 | 3113,361,408 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/29 18:53:00 | 001,045,679 | R--- | M] () -- C:\windows\SysNative\drivers\etc\HOSTS
[2010/12/29 17:48:09 | 000,001,198 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/12/28 15:17:27 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\HOSTS.MVP
[2010/12/23 00:29:30 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2010/12/22 18:37:46 | 000,046,269 | ---- | M] () -- C:\Users\Owner\Desktop\5115.jpg
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2010/12/18 15:50:11 | 000,427,737 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20101218-155028.backup
[2010/12/18 09:06:04 | 000,423,256 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2010/12/13 16:13:47 | 000,252,906 | ---- | M] () -- C:\Users\Owner\Desktop\unemployment1.png
[2010/12/07 09:20:47 | 000,000,099 | ---- | M] () -- C:\windows\wininit.ini
[2010/12/07 08:52:57 | 000,426,705 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20101218-155011.backup
[2010/12/04 03:36:48 | 000,625,169 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20101229-185300.backup

========== Files Created - No Company Name ==========

[2010/12/29 17:48:09 | 000,001,198 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/12/23 00:29:30 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2010/12/22 18:39:12 | 000,046,269 | ---- | C] () -- C:\Users\Owner\Desktop\5115.jpg
[2010/12/13 16:13:47 | 000,252,906 | ---- | C] () -- C:\Users\Owner\Desktop\unemployment1.png
[2010/12/07 09:20:47 | 000,000,099 | ---- | C] () -- C:\windows\wininit.ini
[2010/10/27 16:50:27 | 000,000,646 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/08/16 12:40:30 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Atetokaradewilul.dat
[2010/08/16 12:40:30 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Bwociqusolet.bin
[2010/05/28 12:17:42 | 000,000,254 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2010/05/28 12:17:42 | 000,000,093 | ---- | C] () -- C:\windows\brpcfx.ini
[2010/05/28 12:17:15 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI
[2010/05/28 12:11:59 | 000,031,767 | ---- | C] () -- C:\windows\maxlink.ini
[2010/05/16 14:51:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/28 23:06:13 | 000,200,704 | ---- | C] () -- C:\windows\SysWow64\BongoSDK.10.v40.dll
[2010/02/22 14:01:35 | 000,385,024 | ---- | C] () -- C:\windows\SysWow64\lxbtcomx.dll
[2010/02/22 14:01:35 | 000,274,432 | ---- | C] () -- C:\windows\SysWow64\lxbtinst.dll
[2010/02/10 15:30:06 | 000,007,598 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2009/12/22 18:12:17 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\windows\bdoscandellang.ini

========== LOP Check ==========

[2010/02/18 10:04:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2010/04/24 12:04:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FpSpellCheck
[2010/02/07 11:06:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/06/03 22:35:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ScanSoft
[2011/01/01 14:33:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SlimBrowser
[2010/10/27 16:50:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2010/05/22 05:23:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2010/12/29 16:58:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/01/23 17:21:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2010/02/07 11:59:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xilisoft Corporation
[2010/06/03 22:35:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Zeon
[2010/08/14 02:16:07 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


=============================================================================================================

extras:

OTL Extras logfile created on: 1/1/2011 2:34:12 PM - Run 1
OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\Owner\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): c:\pagefile.sys 3000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.89 Gb Total Space | 15.24 Gb Free Space | 3.36% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = SlimBrowserHtml] -- C:\Program Files (x86)\SlimBrowser\sbrowser.exe (FlashPeak, Inc.)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = SlimBrowserHtml] -- C:\Program Files (x86)\SlimBrowser\sbrowser.exe (FlashPeak, Inc.)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2065895991-1931443753-1871106541-1000\SOFTWARE\Classes\<extension>]
.html [@ = SlimBrowserHtml] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\SlimBrowser\sbrowser.exe" -nosp -ni (FlashPeak, Inc.)
https [open] -- "C:\Program Files (x86)\SlimBrowser\sbrowser.exe" -nosp -ni (FlashPeak, Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\SlimBrowser\sbrowser.exe" -nosp -ni (FlashPeak, Inc.)
https [open] -- "C:\Program Files (x86)\SlimBrowser\sbrowser.exe" -nosp -ni (FlashPeak, Inc.)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java™ 6 Update 23 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A23953CB-3147-45D6-A396-992B0666610B}" = ESET NOD32 Antivirus
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy Software Installer
"Lexmark 5200 Series" = Lexmark 5200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 beta 3 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.03.02
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 18
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40625DE4-DCDB-44FE-84B5-E65F1365BF44}" = V-Ray for Rhinoceros
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF021F7-37A7-4086-B4F1-D5914925D18B}" = VZAccess Manager
"{50A76A32-8D75-4839-815C-93054CFD436B}" = V-Ray for Rhinoceros
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579F16AF-AFA0-488C-BE83-71F4C92EC216}" = V-Ray for Rhinoceros
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite MFC-255CW
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8058F9B8-68C6-4769-A1F2-994C4529B2C6}" = V-Ray for Rhinoceros
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Roxio Burn
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE2DB46C-EA1A-434E-AABD-50EAF626EBEE}" = ASGvis Material Studio
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}" = Microsoft Streets & Trips 2009
"{CCBC3666-5199-4702-B052-2C58FCA6EFF9}" = Rhinoceros 4.0 SR4b
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57F1897-D0F5-4E5F-99BA-80815B43283A}" = Rhinoceros 4.0 SR4
"{D7960C39-E3FD-4B46-8E97-A1E9D128F913}" = Rhinoceros 4.0 SR3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AI RoboForm" = AI RoboForm (All Users)
"Best Buy Software Installer" = Best Buy Software Installer
"Easy Photo Recovery 2.5" = Easy Photo Recovery 2.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileHippo.com" = FileHippo.com Update Checker
"Flamingo 1.1" = Flamingo 1.1
"Flamingo 1.1 for Rhino 4.0" = Flamingo 1.1 for Rhino 4.0
"FPSpellCheck" = FPSpellCheck (remove only)
"Heavy Weapon Deluxe" = Heavy Weapon Deluxe
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Rhino RDK" = Rhino RDK
"Rhinoceros 3.0" = Rhinoceros 3.0
"SlimBrowser" = FlashPeak SlimBrowser
"SpywareBlaster_is1" = SpywareBlaster 4.4
"T-Splines for Rhino" = T-Splines for Rhino
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite" = Windows Live Essentials
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2065895991-1931443753-1871106541-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/26/2010 3:21:11 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/26/2010 3:21:12 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/26/2010 3:21:24 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/2/2010 1:12:22 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/3/2010 3:28:00 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/5/2010 12:26:17 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avp.exe, version: 0.0.0.0, time stamp:
0x49224660 Faulting module name: avp.exe, version: 0.0.0.0, time stamp: 0x49224660
Exception
code: 0xc0000005 Fault offset: 0x00004b57 Faulting process id: 0x1738 Faulting application
start time: 0x01cb7d024aa4c62d Faulting application path: C:\Program Files (x86)\Xilisoft\Video
Converter Ultimate\avp.exe Faulting module path: C:\Program Files (x86)\Xilisoft\Video
Converter Ultimate\avp.exe Report Id: 6a016f3f-e8f9-11df-9a54-00266c3b8968

Error - 11/5/2010 2:25:46 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/5/2010 3:09:12 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avp.exe, version: 0.0.0.0, time stamp:
0x49224660 Faulting module name: avp.exe, version: 0.0.0.0, time stamp: 0x49224660
Exception
code: 0xc0000005 Fault offset: 0x00004b57 Faulting process id: 0x1328 Faulting application
start time: 0x01cb7d066ea0ee98 Faulting application path: C:\Program Files (x86)\Xilisoft\Video
Converter Ultimate\avp.exe Faulting module path: C:\Program Files (x86)\Xilisoft\Video
Converter Ultimate\avp.exe Report Id: 2c6cb6a1-e910-11df-9a54-00266c3b8968

Error - 11/5/2010 4:08:26 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avp.exe, version: 0.0.0.0, time stamp:
0x49224660 Faulting module name: avp.exe, version: 0.0.0.0, time stamp: 0x49224660
Exception
code: 0xc0000005 Fault offset: 0x00004b57 Faulting process id: 0x138c Faulting application
start time: 0x01cb7d1cf0619d35 Faulting application path: C:\Program Files (x86)\Xilisoft\Video
Converter Ultimate\avp.exe Faulting module path: C:\Program Files (x86)\Xilisoft\Video
Converter Ultimate\avp.exe Report Id: 72bef26a-e918-11df-9a54-00266c3b8968

Error - 11/6/2010 7:19:00 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avp.exe, version: 0.0.0.0, time stamp:
0x49224660 Faulting module name: avp.exe, version: 0.0.0.0, time stamp: 0x49224660
Exception
code: 0xc0000005 Fault offset: 0x00004b57 Faulting process id: 0xef0 Faulting application
start time: 0x01cb7d920ba0058d Faulting application path: C:\Program Files (x86)\Xilisoft\Video
Converter Ultimate\avp.exe Faulting module path: C:\Program Files (x86)\Xilisoft\Video
Converter Ultimate\avp.exe Report Id: a6dafa4c-e997-11df-a9f7-0026b6b32e88

[ System Events ]
Error - 12/18/2010 5:23:34 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/18/2010 5:23:34 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/18/2010 5:28:34 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/18/2010 5:28:34 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/18/2010 5:28:34 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/18/2010 5:30:40 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/18/2010 5:30:40 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/18/2010 5:30:40 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/18/2010 5:39:10 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 12/18/2010 5:39:10 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053


< End of report >

Edited by yoyosmuggler, 01 January 2011 - 04:12 PM.

  • Operating System
    win 7 64 SP1
  • Antivirus Software
    ESET
  • Firewall
    built in
  • Computer
    Personal laptop
  • CPU
    Intel Core I5-2430M CPU @ 240 GHz
  • Motherboard
    ASUS. the one that came with it
  • Ram
    6.00 GB
  • Storage
    Hitachi HTS547564A9E384 - 571GB
  • Video Card
    don't know
  • Soundcard
    don't know
  • Power Supply
    Microsoft AC adapter
  • Case
    ASUS U56E

#6 yoyosmuggler

yoyosmuggler
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:lousyana
  • Local time:02:05 PM

Posted 01 January 2011 - 03:48 PM

i tried to run RKunhook but got this error message

Posted Image
  • Operating System
    win 7 64 SP1
  • Antivirus Software
    ESET
  • Firewall
    built in
  • Computer
    Personal laptop
  • CPU
    Intel Core I5-2430M CPU @ 240 GHz
  • Motherboard
    ASUS. the one that came with it
  • Ram
    6.00 GB
  • Storage
    Hitachi HTS547564A9E384 - 571GB
  • Video Card
    don't know
  • Soundcard
    don't know
  • Power Supply
    Microsoft AC adapter
  • Case
    ASUS U56E

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,644 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:05 PM

Posted 01 January 2011 - 03:56 PM

That is because you have a 64 bit system.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#8 yoyosmuggler

yoyosmuggler
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:lousyana
  • Local time:02:05 PM

Posted 01 January 2011 - 06:42 PM

i dont know if you noticed but the first logs i posted earlier. i edited it at the top to show what i previously did with another forum. it has a link. also i got 4 error messages when running combofix. "PEV.cfxxe has stoped working"

ComboFix 11-01-01.01 - Owner 01/01/2011 15:58:20.2.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3959.2205 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
.

2011-01-01 22:07 . 2011-01-01 22:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-01 22:07 . 2011-01-01 22:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-01 22:07 . 2011-01-01 22:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-01-01 20:42 . 2011-01-01 21:13 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2010-12-31 21:43 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDAD379A-A6C8-4B58-9F4E-7548EDC7B62B}\mpengine.dll
2010-12-29 23:02 . 2010-12-29 23:02 -------- d-----w- c:\program files (x86)\SpywareBlaster
2010-12-29 23:01 . 2010-12-29 23:01 -------- d-----w- c:\windows\en
2010-12-29 22:59 . 2010-12-29 22:59 -------- d-----w- c:\program files\Windows Live
2010-12-29 22:58 . 2009-09-04 23:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2010-12-29 22:58 . 2009-09-04 23:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2010-12-29 22:58 . 2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2010-12-29 22:57 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2010-12-29 22:57 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2010-12-29 22:53 . 2010-12-29 22:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2010-12-29 22:51 . 2010-12-29 22:51 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2010-12-29 22:49 . 2010-12-29 22:49 -------- d-----w- c:\program files (x86)\FileHippo.com
2010-12-29 22:46 . 2010-12-29 22:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2010-12-29 22:45 . 2010-12-29 22:45 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2010-12-29 22:44 . 2010-12-29 22:44 -------- d-----w- c:\program files\Java
2010-12-28 21:33 . 2010-12-28 21:33 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2010-12-28 21:33 . 2010-12-28 21:33 -------- d-----w- c:\programdata\Malwarebytes
2010-12-28 21:33 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-28 21:33 . 2010-12-28 21:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-23 17:29 . 2010-12-23 17:29 -------- d-----w- c:\program files (x86)\Panda Security
2010-12-22 01:46 . 2010-12-22 01:46 -------- d-----w- c:\programdata\F-Secure
2010-12-22 01:34 . 2010-12-22 01:34 -------- d-----w- c:\windows\BDOSCAN8
2010-12-18 09:43 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-18 09:43 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-18 09:43 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-18 09:43 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-12-18 09:43 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-12-18 09:43 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-18 09:43 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-18 09:42 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-18 09:39 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-18 09:39 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-18 09:39 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 08:54 . 2010-11-10 08:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-11-10 08:28 . 2010-11-10 08:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2010-11-05 6174008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1255736]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-18 834544]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 132464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 120128]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]

.
Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2065895991-1931443753-1871106541-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 03:23]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2065895991-1931443753-1871106541-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 03:23]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2680696]
"LXBTCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBTtime.dll" [2007-05-03 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-18 16414824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: {B383BCB2-284B-4DE3-9FEE-29C78955CA9C} = 68.105.28.11,68.105.29.11
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-01 16:14:20
ComboFix-quarantined-files.txt 2011-01-01 22:14

Pre-Run: 16,269,475,840 bytes free
Post-Run: 15,888,842,752 bytes free

- - End Of File - - 8BA69A791339E6827BA4877F69964D80

Edited by yoyosmuggler, 01 January 2011 - 06:44 PM.

  • Operating System
    win 7 64 SP1
  • Antivirus Software
    ESET
  • Firewall
    built in
  • Computer
    Personal laptop
  • CPU
    Intel Core I5-2430M CPU @ 240 GHz
  • Motherboard
    ASUS. the one that came with it
  • Ram
    6.00 GB
  • Storage
    Hitachi HTS547564A9E384 - 571GB
  • Video Card
    don't know
  • Soundcard
    don't know
  • Power Supply
    Microsoft AC adapter
  • Case
    ASUS U56E

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,644 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:05 PM

Posted 02 January 2011 - 02:43 AM

Thanks for reminding me of that. :) I requested the MBAM topic to be closed to avoid any confusion.
Lets see if we are dealing with a rootkit here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#10 yoyosmuggler

yoyosmuggler
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:lousyana
  • Local time:02:05 PM

Posted 02 January 2011 - 03:39 AM

i only have three options after scan with TDSS - skip, copy to quarantine, and delete. there is no option for cure
  • Operating System
    win 7 64 SP1
  • Antivirus Software
    ESET
  • Firewall
    built in
  • Computer
    Personal laptop
  • CPU
    Intel Core I5-2430M CPU @ 240 GHz
  • Motherboard
    ASUS. the one that came with it
  • Ram
    6.00 GB
  • Storage
    Hitachi HTS547564A9E384 - 571GB
  • Video Card
    don't know
  • Soundcard
    don't know
  • Power Supply
    Microsoft AC adapter
  • Case
    ASUS U56E

#11 yoyosmuggler

yoyosmuggler
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:lousyana
  • Local time:02:05 PM

Posted 02 January 2011 - 03:58 AM

i just did the copy to quarantine. and i have 2 logs they look the same to me but maybe there is some difference in them.

2011/01/02 02:12:18.0437 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/02 02:12:18.0437 ================================================================================
2011/01/02 02:12:18.0437 SystemInfo:
2011/01/02 02:12:18.0437
2011/01/02 02:12:18.0437 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/02 02:12:18.0437 Product type: Workstation
2011/01/02 02:12:18.0437 ComputerName: OWNER-PC
2011/01/02 02:12:18.0438 UserName: Owner
2011/01/02 02:12:18.0438 Windows directory: C:\windows
2011/01/02 02:12:18.0438 System windows directory: C:\windows
2011/01/02 02:12:18.0438 Running under WOW64
2011/01/02 02:12:18.0438 Processor architecture: Intel x64
2011/01/02 02:12:18.0438 Number of processors: 4
2011/01/02 02:12:18.0438 Page size: 0x1000
2011/01/02 02:12:18.0438 Boot type: Normal boot
2011/01/02 02:12:18.0438 ================================================================================
2011/01/02 02:12:18.0438 Utility is running under WOW64
2011/01/02 02:12:18.0668 Initialize success
2011/01/02 02:18:36.0761 ================================================================================
2011/01/02 02:18:36.0761 Scan started
2011/01/02 02:18:36.0761 Mode: Manual;
2011/01/02 02:18:36.0761 ================================================================================
2011/01/02 02:18:37.0183 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
2011/01/02 02:18:37.0229 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
2011/01/02 02:18:37.0292 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
2011/01/02 02:18:37.0370 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
2011/01/02 02:18:37.0479 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
2011/01/02 02:18:37.0526 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
2011/01/02 02:18:37.0588 AFD (b9384e03479d2506bc924c16a3db87bc) C:\windows\system32\drivers\afd.sys
2011/01/02 02:18:37.0666 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
2011/01/02 02:18:37.0744 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
2011/01/02 02:18:37.0838 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
2011/01/02 02:18:37.0900 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
2011/01/02 02:18:37.0947 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
2011/01/02 02:18:38.0025 amdsata (7a4b413614c055935567cf88a9734d38) C:\windows\system32\DRIVERS\amdsata.sys
2011/01/02 02:18:38.0087 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
2011/01/02 02:18:38.0119 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\windows\system32\DRIVERS\amdxata.sys
2011/01/02 02:18:38.0197 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
2011/01/02 02:18:38.0353 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
2011/01/02 02:18:38.0384 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
2011/01/02 02:18:38.0446 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
2011/01/02 02:18:38.0509 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
2011/01/02 02:18:38.0633 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
2011/01/02 02:18:38.0743 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
2011/01/02 02:18:38.0789 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
2011/01/02 02:18:38.0930 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
2011/01/02 02:18:38.0961 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\windows\system32\DRIVERS\bowser.sys
2011/01/02 02:18:39.0008 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/01/02 02:18:39.0070 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/01/02 02:18:39.0148 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\windows\system32\DRIVERS\BrSerIb.sys
2011/01/02 02:18:39.0242 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
2011/01/02 02:18:39.0273 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
2011/01/02 02:18:39.0367 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/01/02 02:18:39.0413 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
2011/01/02 02:18:39.0507 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\windows\system32\DRIVERS\BrUsbSIb.sys
2011/01/02 02:18:39.0569 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
2011/01/02 02:18:39.0663 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
2011/01/02 02:18:39.0725 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
2011/01/02 02:18:39.0803 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
2011/01/02 02:18:39.0866 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
2011/01/02 02:18:39.0975 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
2011/01/02 02:18:40.0037 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
2011/01/02 02:18:40.0069 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
2011/01/02 02:18:40.0162 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
2011/01/02 02:18:40.0225 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/01/02 02:18:40.0334 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
2011/01/02 02:18:40.0412 CSC (4a6173c2279b498cd8f57cae504564cb) C:\windows\system32\drivers\csc.sys
2011/01/02 02:18:40.0537 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\windows\system32\Drivers\dfsc.sys
2011/01/02 02:18:40.0599 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
2011/01/02 02:18:40.0693 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
2011/01/02 02:18:40.0802 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
2011/01/02 02:18:40.0849 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\windows\System32\drivers\dxgkrnl.sys
2011/01/02 02:18:40.0973 eamon (6a6bdaec4df4725d22731f2736880283) C:\windows\system32\DRIVERS\eamon.sys
2011/01/02 02:18:41.0098 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
2011/01/02 02:18:41.0317 ehdrv (00bdd2b658b8f6f35a7374cdb41efd5c) C:\windows\system32\DRIVERS\ehdrv.sys
2011/01/02 02:18:41.0457 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
2011/01/02 02:18:41.0566 epfwwfpr (d1449f7c44beeba971324fea295747d3) C:\windows\system32\DRIVERS\epfwwfpr.sys
2011/01/02 02:18:41.0613 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
2011/01/02 02:18:41.0660 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
2011/01/02 02:18:41.0738 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
2011/01/02 02:18:41.0831 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
2011/01/02 02:18:41.0909 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
2011/01/02 02:18:41.0956 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
2011/01/02 02:18:42.0034 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
2011/01/02 02:18:42.0097 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
2011/01/02 02:18:42.0143 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
2011/01/02 02:18:42.0206 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
2011/01/02 02:18:42.0299 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
2011/01/02 02:18:42.0362 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
2011/01/02 02:18:42.0440 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/01/02 02:18:42.0502 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
2011/01/02 02:18:42.0580 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
2011/01/02 02:18:42.0658 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/01/02 02:18:42.0736 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
2011/01/02 02:18:42.0814 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
2011/01/02 02:18:42.0861 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
2011/01/02 02:18:42.0939 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
2011/01/02 02:18:43.0064 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
2011/01/02 02:18:43.0189 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/01/02 02:18:43.0251 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
2011/01/02 02:18:43.0345 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
2011/01/02 02:18:43.0376 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
2011/01/02 02:18:43.0485 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\windows\system32\DRIVERS\iaStor.sys
2011/01/02 02:18:43.0610 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys
2011/01/02 02:18:43.0657 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
2011/01/02 02:18:43.0797 IntcAzAudAddService (450bec18b45bccfdc923e11f856dbda7) C:\windows\system32\drivers\RTKVHD64.sys
2011/01/02 02:18:43.0906 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
2011/01/02 02:18:43.0937 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
2011/01/02 02:18:44.0047 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/01/02 02:18:44.0078 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/01/02 02:18:44.0171 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
2011/01/02 02:18:44.0218 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
2011/01/02 02:18:44.0296 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
2011/01/02 02:18:44.0343 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
2011/01/02 02:18:44.0437 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
2011/01/02 02:18:44.0483 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
2011/01/02 02:18:44.0593 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
2011/01/02 02:18:44.0639 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
2011/01/02 02:18:44.0733 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
2011/01/02 02:18:44.0811 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\windows\system32\DRIVERS\LHidFilt.Sys
2011/01/02 02:18:44.0889 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
2011/01/02 02:18:44.0967 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\windows\system32\DRIVERS\LMouFilt.Sys
2011/01/02 02:18:45.0107 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/01/02 02:18:45.0123 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/01/02 02:18:45.0170 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/01/02 02:18:45.0263 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/01/02 02:18:45.0295 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
2011/01/02 02:18:45.0404 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
2011/01/02 02:18:45.0435 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
2011/01/02 02:18:45.0466 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
2011/01/02 02:18:45.0560 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
2011/01/02 02:18:45.0591 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
2011/01/02 02:18:45.0685 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
2011/01/02 02:18:45.0731 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
2011/01/02 02:18:45.0747 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
2011/01/02 02:18:45.0841 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
2011/01/02 02:18:45.0887 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
2011/01/02 02:18:45.0934 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/01/02 02:18:46.0043 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/01/02 02:18:46.0075 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/01/02 02:18:46.0090 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
2011/01/02 02:18:46.0168 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
2011/01/02 02:18:46.0231 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
2011/01/02 02:18:46.0309 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
2011/01/02 02:18:46.0340 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
2011/01/02 02:18:46.0387 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
2011/01/02 02:18:46.0465 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
2011/01/02 02:18:46.0496 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
2011/01/02 02:18:46.0589 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
2011/01/02 02:18:46.0636 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
2011/01/02 02:18:46.0714 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
2011/01/02 02:18:46.0745 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
2011/01/02 02:18:46.0777 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
2011/01/02 02:18:46.0886 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
2011/01/02 02:18:46.0948 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
2011/01/02 02:18:47.0057 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
2011/01/02 02:18:47.0089 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
2011/01/02 02:18:47.0198 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
2011/01/02 02:18:47.0229 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
2011/01/02 02:18:47.0323 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
2011/01/02 02:18:47.0354 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
2011/01/02 02:18:47.0447 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
2011/01/02 02:18:47.0572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
2011/01/02 02:18:47.0728 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
2011/01/02 02:18:47.0822 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
2011/01/02 02:18:47.0900 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys
2011/01/02 02:18:47.0993 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
2011/01/02 02:18:48.0056 NVHDA (cddd4478757288df4bb1494bfd084259) C:\windows\system32\drivers\nvhda64v.sys
2011/01/02 02:18:48.0399 nvlddmkm (4881c7155d50116a4c5e7d038483d6bf) C:\windows\system32\DRIVERS\nvlddmkm.sys
2011/01/02 02:18:48.0539 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys
2011/01/02 02:18:48.0586 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys
2011/01/02 02:18:48.0695 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
2011/01/02 02:18:48.0773 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
2011/01/02 02:18:48.0851 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
2011/01/02 02:18:48.0898 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
2011/01/02 02:18:48.0992 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\windows\system32\drivers\pavboot64.sys
2011/01/02 02:18:49.0054 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
2011/01/02 02:18:49.0132 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
2011/01/02 02:18:49.0179 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
2011/01/02 02:18:49.0226 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
2011/01/02 02:18:49.0288 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
2011/01/02 02:18:49.0444 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
2011/01/02 02:18:49.0553 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
2011/01/02 02:18:49.0616 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
2011/01/02 02:18:49.0694 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
2011/01/02 02:18:49.0772 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\windows\system32\Drivers\PxHlpa64.sys
2011/01/02 02:18:49.0850 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
2011/01/02 02:18:49.0959 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
2011/01/02 02:18:50.0006 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
2011/01/02 02:18:50.0037 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
2011/01/02 02:18:50.0131 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/01/02 02:18:50.0162 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/01/02 02:18:50.0177 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
2011/01/02 02:18:50.0287 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
2011/01/02 02:18:50.0318 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
2011/01/02 02:18:50.0349 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
2011/01/02 02:18:50.0443 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/01/02 02:18:50.0489 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\windows\system32\drivers\rdpdr.sys
2011/01/02 02:18:50.0583 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
2011/01/02 02:18:50.0630 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
2011/01/02 02:18:50.0723 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
2011/01/02 02:18:50.0833 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
2011/01/02 02:18:50.0942 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\windows\system32\DRIVERS\rimspe64.sys
2011/01/02 02:18:50.0973 risdpcie (7dda2e5cf452dad24b1be704225c18ee) C:\windows\system32\DRIVERS\risdpe64.sys
2011/01/02 02:18:51.0004 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\windows\system32\DRIVERS\rixdpe64.sys
2011/01/02 02:18:51.0098 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
2011/01/02 02:18:51.0145 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\windows\system32\DRIVERS\Rt64win7.sys
2011/01/02 02:18:51.0285 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\windows\system32\DRIVERS\rtl8192se.sys
2011/01/02 02:18:51.0379 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\windows\system32\DRIVERS\vms3cap.sys
2011/01/02 02:18:51.0425 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
2011/01/02 02:18:51.0550 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
2011/01/02 02:18:51.0691 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\drivers\sdbus.sys
2011/01/02 02:18:51.0753 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
2011/01/02 02:18:51.0862 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
2011/01/02 02:18:51.0925 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
2011/01/02 02:18:52.0003 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
2011/01/02 02:18:52.0096 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
2011/01/02 02:18:52.0143 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
2011/01/02 02:18:52.0221 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\drivers\sffp_sd.sys
2011/01/02 02:18:52.0283 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
2011/01/02 02:18:52.0377 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/01/02 02:18:52.0424 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
2011/01/02 02:18:52.0502 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
2011/01/02 02:18:52.0595 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS
2011/01/02 02:18:52.0689 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
2011/01/02 02:18:52.0845 sptd (602884696850c86434530790b110e8eb) C:\windows\system32\Drivers\sptd.sys
2011/01/02 02:18:52.0845 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/01/02 02:18:52.0845 sptd - detected Locked file (1)
2011/01/02 02:18:52.0954 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\windows\system32\DRIVERS\srv.sys
2011/01/02 02:18:53.0063 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\windows\system32\DRIVERS\srv2.sys
2011/01/02 02:18:53.0173 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
2011/01/02 02:18:53.0251 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
2011/01/02 02:18:53.0360 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
2011/01/02 02:18:53.0485 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\windows\system32\DRIVERS\srvnet.sys
2011/01/02 02:18:53.0547 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
2011/01/02 02:18:53.0641 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
2011/01/02 02:18:53.0687 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\windows\system32\DRIVERS\vmstorfl.sys
2011/01/02 02:18:53.0797 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\windows\system32\DRIVERS\storvsc.sys
2011/01/02 02:18:53.0828 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
2011/01/02 02:18:53.0937 SynTP (e28ca52ecf8cb6eb04b34de440ba260e) C:\windows\system32\DRIVERS\SynTP.sys
2011/01/02 02:18:54.0077 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\drivers\tcpip.sys
2011/01/02 02:18:54.0233 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\DRIVERS\tcpip.sys
2011/01/02 02:18:54.0343 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
2011/01/02 02:18:54.0405 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/01/02 02:18:54.0483 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
2011/01/02 02:18:54.0514 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
2011/01/02 02:18:54.0545 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
2011/01/02 02:18:54.0639 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
2011/01/02 02:18:54.0748 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
2011/01/02 02:18:54.0779 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
2011/01/02 02:18:54.0920 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
2011/01/02 02:18:55.0029 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/01/02 02:18:55.0107 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
2011/01/02 02:18:55.0185 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/01/02 02:18:55.0247 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
2011/01/02 02:18:55.0310 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
2011/01/02 02:18:55.0357 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
2011/01/02 02:18:55.0450 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/01/02 02:18:55.0497 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
2011/01/02 02:18:55.0544 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
2011/01/02 02:18:55.0669 usbbus (5fcc71487888589a9244af54cfefab29) C:\windows\system32\DRIVERS\lgx64bus.sys
2011/01/02 02:18:55.0731 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
2011/01/02 02:18:55.0809 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
2011/01/02 02:18:55.0871 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\windows\system32\DRIVERS\lgx64diag.sys
2011/01/02 02:18:55.0949 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\windows\system32\DRIVERS\usbehci.sys
2011/01/02 02:18:56.0027 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\windows\system32\DRIVERS\usbhub.sys
2011/01/02 02:18:56.0105 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\windows\system32\DRIVERS\lgx64modem.sys
2011/01/02 02:18:56.0168 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
2011/01/02 02:18:56.0246 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
2011/01/02 02:18:56.0308 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
2011/01/02 02:18:56.0339 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/01/02 02:18:56.0417 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
2011/01/02 02:18:56.0495 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
2011/01/02 02:18:56.0558 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/01/02 02:18:56.0620 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
2011/01/02 02:18:56.0683 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
2011/01/02 02:18:56.0729 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
2011/01/02 02:18:56.0807 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
2011/01/02 02:18:56.0885 vmbus (1501699d7eda984abc4155a7da5738d1) C:\windows\system32\DRIVERS\vmbus.sys
2011/01/02 02:18:56.0948 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\windows\system32\DRIVERS\VMBusHID.sys
2011/01/02 02:18:56.0995 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
2011/01/02 02:18:57.0026 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
2011/01/02 02:18:57.0104 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
2011/01/02 02:18:57.0166 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
2011/01/02 02:18:57.0244 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
2011/01/02 02:18:57.0275 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
2011/01/02 02:18:57.0307 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
2011/01/02 02:18:57.0369 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/02 02:18:57.0400 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/02 02:18:57.0463 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
2011/01/02 02:18:57.0541 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
2011/01/02 02:18:57.0665 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
2011/01/02 02:18:57.0697 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
2011/01/02 02:18:57.0837 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
2011/01/02 02:18:57.0977 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/01/02 02:18:58.0118 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
2011/01/02 02:18:58.0180 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
2011/01/02 02:18:58.0274 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/01/02 02:18:58.0352 ================================================================================
2011/01/02 02:18:58.0352 Scan finished
2011/01/02 02:18:58.0352 ================================================================================
2011/01/02 02:18:58.0367 Detected object count: 1
2011/01/02 02:52:56.0570 sptd (602884696850c86434530790b110e8eb) C:\windows\system32\Drivers\sptd.sys
2011/01/02 02:52:56.0570 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/01/02 02:52:56.0570 C:\windows\system32\Drivers\sptd.sys - copied to quarantine
2011/01/02 02:52:56.0570 Locked file(sptd) - User select action: Quarantine





----------------------------------------------------------------------------------------------------------------
2nd log

2011/01/02 02:12:18.0437 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/02 02:12:18.0437 ================================================================================
2011/01/02 02:12:18.0437 SystemInfo:
2011/01/02 02:12:18.0437
2011/01/02 02:12:18.0437 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/02 02:12:18.0437 Product type: Workstation
2011/01/02 02:12:18.0437 ComputerName: OWNER-PC
2011/01/02 02:12:18.0438 UserName: Owner
2011/01/02 02:12:18.0438 Windows directory: C:\windows
2011/01/02 02:12:18.0438 System windows directory: C:\windows
2011/01/02 02:12:18.0438 Running under WOW64
2011/01/02 02:12:18.0438 Processor architecture: Intel x64
2011/01/02 02:12:18.0438 Number of processors: 4
2011/01/02 02:12:18.0438 Page size: 0x1000
2011/01/02 02:12:18.0438 Boot type: Normal boot
2011/01/02 02:12:18.0438 ================================================================================
2011/01/02 02:12:18.0438 Utility is running under WOW64
2011/01/02 02:12:18.0668 Initialize success
2011/01/02 02:18:36.0761 ================================================================================
2011/01/02 02:18:36.0761 Scan started
2011/01/02 02:18:36.0761 Mode: Manual;
2011/01/02 02:18:36.0761 ================================================================================
2011/01/02 02:18:37.0183 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
2011/01/02 02:18:37.0229 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
2011/01/02 02:18:37.0292 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
2011/01/02 02:18:37.0370 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
2011/01/02 02:18:37.0479 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
2011/01/02 02:18:37.0526 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
2011/01/02 02:18:37.0588 AFD (b9384e03479d2506bc924c16a3db87bc) C:\windows\system32\drivers\afd.sys
2011/01/02 02:18:37.0666 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
2011/01/02 02:18:37.0744 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
2011/01/02 02:18:37.0838 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
2011/01/02 02:18:37.0900 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
2011/01/02 02:18:37.0947 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
2011/01/02 02:18:38.0025 amdsata (7a4b413614c055935567cf88a9734d38) C:\windows\system32\DRIVERS\amdsata.sys
2011/01/02 02:18:38.0087 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
2011/01/02 02:18:38.0119 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\windows\system32\DRIVERS\amdxata.sys
2011/01/02 02:18:38.0197 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
2011/01/02 02:18:38.0353 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
2011/01/02 02:18:38.0384 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
2011/01/02 02:18:38.0446 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
2011/01/02 02:18:38.0509 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
2011/01/02 02:18:38.0633 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
2011/01/02 02:18:38.0743 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
2011/01/02 02:18:38.0789 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
2011/01/02 02:18:38.0930 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
2011/01/02 02:18:38.0961 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\windows\system32\DRIVERS\bowser.sys
2011/01/02 02:18:39.0008 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/01/02 02:18:39.0070 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/01/02 02:18:39.0148 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\windows\system32\DRIVERS\BrSerIb.sys
2011/01/02 02:18:39.0242 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
2011/01/02 02:18:39.0273 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
2011/01/02 02:18:39.0367 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/01/02 02:18:39.0413 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
2011/01/02 02:18:39.0507 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\windows\system32\DRIVERS\BrUsbSIb.sys
2011/01/02 02:18:39.0569 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
2011/01/02 02:18:39.0663 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
2011/01/02 02:18:39.0725 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
2011/01/02 02:18:39.0803 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
2011/01/02 02:18:39.0866 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
2011/01/02 02:18:39.0975 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
2011/01/02 02:18:40.0037 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
2011/01/02 02:18:40.0069 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
2011/01/02 02:18:40.0162 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
2011/01/02 02:18:40.0225 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/01/02 02:18:40.0334 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
2011/01/02 02:18:40.0412 CSC (4a6173c2279b498cd8f57cae504564cb) C:\windows\system32\drivers\csc.sys
2011/01/02 02:18:40.0537 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\windows\system32\Drivers\dfsc.sys
2011/01/02 02:18:40.0599 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
2011/01/02 02:18:40.0693 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
2011/01/02 02:18:40.0802 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
2011/01/02 02:18:40.0849 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\windows\System32\drivers\dxgkrnl.sys
2011/01/02 02:18:40.0973 eamon (6a6bdaec4df4725d22731f2736880283) C:\windows\system32\DRIVERS\eamon.sys
2011/01/02 02:18:41.0098 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
2011/01/02 02:18:41.0317 ehdrv (00bdd2b658b8f6f35a7374cdb41efd5c) C:\windows\system32\DRIVERS\ehdrv.sys
2011/01/02 02:18:41.0457 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
2011/01/02 02:18:41.0566 epfwwfpr (d1449f7c44beeba971324fea295747d3) C:\windows\system32\DRIVERS\epfwwfpr.sys
2011/01/02 02:18:41.0613 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
2011/01/02 02:18:41.0660 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
2011/01/02 02:18:41.0738 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
2011/01/02 02:18:41.0831 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
2011/01/02 02:18:41.0909 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
2011/01/02 02:18:41.0956 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
2011/01/02 02:18:42.0034 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
2011/01/02 02:18:42.0097 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
2011/01/02 02:18:42.0143 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
2011/01/02 02:18:42.0206 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
2011/01/02 02:18:42.0299 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
2011/01/02 02:18:42.0362 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
2011/01/02 02:18:42.0440 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/01/02 02:18:42.0502 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
2011/01/02 02:18:42.0580 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
2011/01/02 02:18:42.0658 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/01/02 02:18:42.0736 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
2011/01/02 02:18:42.0814 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
2011/01/02 02:18:42.0861 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
2011/01/02 02:18:42.0939 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
2011/01/02 02:18:43.0064 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
2011/01/02 02:18:43.0189 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/01/02 02:18:43.0251 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
2011/01/02 02:18:43.0345 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
2011/01/02 02:18:43.0376 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
2011/01/02 02:18:43.0485 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\windows\system32\DRIVERS\iaStor.sys
2011/01/02 02:18:43.0610 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys
2011/01/02 02:18:43.0657 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
2011/01/02 02:18:43.0797 IntcAzAudAddService (450bec18b45bccfdc923e11f856dbda7) C:\windows\system32\drivers\RTKVHD64.sys
2011/01/02 02:18:43.0906 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
2011/01/02 02:18:43.0937 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
2011/01/02 02:18:44.0047 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/01/02 02:18:44.0078 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/01/02 02:18:44.0171 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
2011/01/02 02:18:44.0218 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
2011/01/02 02:18:44.0296 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
2011/01/02 02:18:44.0343 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
2011/01/02 02:18:44.0437 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
2011/01/02 02:18:44.0483 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
2011/01/02 02:18:44.0593 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
2011/01/02 02:18:44.0639 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
2011/01/02 02:18:44.0733 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
2011/01/02 02:18:44.0811 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\windows\system32\DRIVERS\LHidFilt.Sys
2011/01/02 02:18:44.0889 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
2011/01/02 02:18:44.0967 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\windows\system32\DRIVERS\LMouFilt.Sys
2011/01/02 02:18:45.0107 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/01/02 02:18:45.0123 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/01/02 02:18:45.0170 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/01/02 02:18:45.0263 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/01/02 02:18:45.0295 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
2011/01/02 02:18:45.0404 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
2011/01/02 02:18:45.0435 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
2011/01/02 02:18:45.0466 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
2011/01/02 02:18:45.0560 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
2011/01/02 02:18:45.0591 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
2011/01/02 02:18:45.0685 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
2011/01/02 02:18:45.0731 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
2011/01/02 02:18:45.0747 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
2011/01/02 02:18:45.0841 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
2011/01/02 02:18:45.0887 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
2011/01/02 02:18:45.0934 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/01/02 02:18:46.0043 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/01/02 02:18:46.0075 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/01/02 02:18:46.0090 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
2011/01/02 02:18:46.0168 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
2011/01/02 02:18:46.0231 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
2011/01/02 02:18:46.0309 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
2011/01/02 02:18:46.0340 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
2011/01/02 02:18:46.0387 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
2011/01/02 02:18:46.0465 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
2011/01/02 02:18:46.0496 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
2011/01/02 02:18:46.0589 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
2011/01/02 02:18:46.0636 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
2011/01/02 02:18:46.0714 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
2011/01/02 02:18:46.0745 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
2011/01/02 02:18:46.0777 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
2011/01/02 02:18:46.0886 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
2011/01/02 02:18:46.0948 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
2011/01/02 02:18:47.0057 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
2011/01/02 02:18:47.0089 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
2011/01/02 02:18:47.0198 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
2011/01/02 02:18:47.0229 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
2011/01/02 02:18:47.0323 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
2011/01/02 02:18:47.0354 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
2011/01/02 02:18:47.0447 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
2011/01/02 02:18:47.0572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
2011/01/02 02:18:47.0728 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
2011/01/02 02:18:47.0822 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
2011/01/02 02:18:47.0900 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys
2011/01/02 02:18:47.0993 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
2011/01/02 02:18:48.0056 NVHDA (cddd4478757288df4bb1494bfd084259) C:\windows\system32\drivers\nvhda64v.sys
2011/01/02 02:18:48.0399 nvlddmkm (4881c7155d50116a4c5e7d038483d6bf) C:\windows\system32\DRIVERS\nvlddmkm.sys
2011/01/02 02:18:48.0539 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys
2011/01/02 02:18:48.0586 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys
2011/01/02 02:18:48.0695 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
2011/01/02 02:18:48.0773 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
2011/01/02 02:18:48.0851 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
2011/01/02 02:18:48.0898 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
2011/01/02 02:18:48.0992 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\windows\system32\drivers\pavboot64.sys
2011/01/02 02:18:49.0054 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
2011/01/02 02:18:49.0132 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
2011/01/02 02:18:49.0179 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
2011/01/02 02:18:49.0226 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
2011/01/02 02:18:49.0288 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
2011/01/02 02:18:49.0444 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
2011/01/02 02:18:49.0553 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
2011/01/02 02:18:49.0616 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
2011/01/02 02:18:49.0694 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
2011/01/02 02:18:49.0772 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\windows\system32\Drivers\PxHlpa64.sys
2011/01/02 02:18:49.0850 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
2011/01/02 02:18:49.0959 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
2011/01/02 02:18:50.0006 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
2011/01/02 02:18:50.0037 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
2011/01/02 02:18:50.0131 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/01/02 02:18:50.0162 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/01/02 02:18:50.0177 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
2011/01/02 02:18:50.0287 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
2011/01/02 02:18:50.0318 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
2011/01/02 02:18:50.0349 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
2011/01/02 02:18:50.0443 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/01/02 02:18:50.0489 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\windows\system32\drivers\rdpdr.sys
2011/01/02 02:18:50.0583 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
2011/01/02 02:18:50.0630 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
2011/01/02 02:18:50.0723 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
2011/01/02 02:18:50.0833 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
2011/01/02 02:18:50.0942 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\windows\system32\DRIVERS\rimspe64.sys
2011/01/02 02:18:50.0973 risdpcie (7dda2e5cf452dad24b1be704225c18ee) C:\windows\system32\DRIVERS\risdpe64.sys
2011/01/02 02:18:51.0004 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\windows\system32\DRIVERS\rixdpe64.sys
2011/01/02 02:18:51.0098 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
2011/01/02 02:18:51.0145 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\windows\system32\DRIVERS\Rt64win7.sys
2011/01/02 02:18:51.0285 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\windows\system32\DRIVERS\rtl8192se.sys
2011/01/02 02:18:51.0379 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\windows\system32\DRIVERS\vms3cap.sys
2011/01/02 02:18:51.0425 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
2011/01/02 02:18:51.0550 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
2011/01/02 02:18:51.0691 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\drivers\sdbus.sys
2011/01/02 02:18:51.0753 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
2011/01/02 02:18:51.0862 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
2011/01/02 02:18:51.0925 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
2011/01/02 02:18:52.0003 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
2011/01/02 02:18:52.0096 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
2011/01/02 02:18:52.0143 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
2011/01/02 02:18:52.0221 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\drivers\sffp_sd.sys
2011/01/02 02:18:52.0283 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
2011/01/02 02:18:52.0377 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/01/02 02:18:52.0424 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
2011/01/02 02:18:52.0502 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
2011/01/02 02:18:52.0595 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS
2011/01/02 02:18:52.0689 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
2011/01/02 02:18:52.0845 sptd (602884696850c86434530790b110e8eb) C:\windows\system32\Drivers\sptd.sys
2011/01/02 02:18:52.0845 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/01/02 02:18:52.0845 sptd - detected Locked file (1)
2011/01/02 02:18:52.0954 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\windows\system32\DRIVERS\srv.sys
2011/01/02 02:18:53.0063 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\windows\system32\DRIVERS\srv2.sys
2011/01/02 02:18:53.0173 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
2011/01/02 02:18:53.0251 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
2011/01/02 02:18:53.0360 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
2011/01/02 02:18:53.0485 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\windows\system32\DRIVERS\srvnet.sys
2011/01/02 02:18:53.0547 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
2011/01/02 02:18:53.0641 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
2011/01/02 02:18:53.0687 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\windows\system32\DRIVERS\vmstorfl.sys
2011/01/02 02:18:53.0797 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\windows\system32\DRIVERS\storvsc.sys
2011/01/02 02:18:53.0828 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
2011/01/02 02:18:53.0937 SynTP (e28ca52ecf8cb6eb04b34de440ba260e) C:\windows\system32\DRIVERS\SynTP.sys
2011/01/02 02:18:54.0077 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\drivers\tcpip.sys
2011/01/02 02:18:54.0233 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\DRIVERS\tcpip.sys
2011/01/02 02:18:54.0343 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
2011/01/02 02:18:54.0405 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/01/02 02:18:54.0483 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
2011/01/02 02:18:54.0514 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
2011/01/02 02:18:54.0545 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
2011/01/02 02:18:54.0639 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
2011/01/02 02:18:54.0748 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
2011/01/02 02:18:54.0779 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
2011/01/02 02:18:54.0920 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
2011/01/02 02:18:55.0029 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/01/02 02:18:55.0107 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
2011/01/02 02:18:55.0185 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/01/02 02:18:55.0247 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
2011/01/02 02:18:55.0310 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
2011/01/02 02:18:55.0357 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
2011/01/02 02:18:55.0450 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/01/02 02:18:55.0497 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
2011/01/02 02:18:55.0544 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
2011/01/02 02:18:55.0669 usbbus (5fcc71487888589a9244af54cfefab29) C:\windows\system32\DRIVERS\lgx64bus.sys
2011/01/02 02:18:55.0731 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
2011/01/02 02:18:55.0809 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
2011/01/02 02:18:55.0871 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\windows\system32\DRIVERS\lgx64diag.sys
2011/01/02 02:18:55.0949 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\windows\system32\DRIVERS\usbehci.sys
2011/01/02 02:18:56.0027 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\windows\system32\DRIVERS\usbhub.sys
2011/01/02 02:18:56.0105 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\windows\system32\DRIVERS\lgx64modem.sys
2011/01/02 02:18:56.0168 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
2011/01/02 02:18:56.0246 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
2011/01/02 02:18:56.0308 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
2011/01/02 02:18:56.0339 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/01/02 02:18:56.0417 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
2011/01/02 02:18:56.0495 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
2011/01/02 02:18:56.0558 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/01/02 02:18:56.0620 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
2011/01/02 02:18:56.0683 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
2011/01/02 02:18:56.0729 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
2011/01/02 02:18:56.0807 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
2011/01/02 02:18:56.0885 vmbus (1501699d7eda984abc4155a7da5738d1) C:\windows\system32\DRIVERS\vmbus.sys
2011/01/02 02:18:56.0948 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\windows\system32\DRIVERS\VMBusHID.sys
2011/01/02 02:18:56.0995 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
2011/01/02 02:18:57.0026 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
2011/01/02 02:18:57.0104 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
2011/01/02 02:18:57.0166 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
2011/01/02 02:18:57.0244 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
2011/01/02 02:18:57.0275 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
2011/01/02 02:18:57.0307 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
2011/01/02 02:18:57.0369 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/02 02:18:57.0400 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/02 02:18:57.0463 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
2011/01/02 02:18:57.0541 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
2011/01/02 02:18:57.0665 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
2011/01/02 02:18:57.0697 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
2011/01/02 02:18:57.0837 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
2011/01/02 02:18:57.0977 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/01/02 02:18:58.0118 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
2011/01/02 02:18:58.0180 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
2011/01/02 02:18:58.0274 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/01/02 02:18:58.0352 ================================================================================
2011/01/02 02:18:58.0352 Scan finished
2011/01/02 02:18:58.0352 ================================================================================
2011/01/02 02:18:58.0367 Detected object count: 1
2011/01/02 02:52:56.0570 sptd (602884696850c86434530790b110e8eb) C:\windows\system32\Drivers\sptd.sys
2011/01/02 02:52:56.0570 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/01/02 02:52:56.0570 C:\windows\system32\Drivers\sptd.sys - copied to quarantine
2011/01/02 02:52:56.0570 Locked file(sptd) - User select action: Quarantine
  • Operating System
    win 7 64 SP1
  • Antivirus Software
    ESET
  • Firewall
    built in
  • Computer
    Personal laptop
  • CPU
    Intel Core I5-2430M CPU @ 240 GHz
  • Motherboard
    ASUS. the one that came with it
  • Ram
    6.00 GB
  • Storage
    Hitachi HTS547564A9E384 - 571GB
  • Video Card
    don't know
  • Soundcard
    don't know
  • Power Supply
    Microsoft AC adapter
  • Case
    ASUS U56E

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,644 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:05 PM

Posted 02 January 2011 - 04:22 AM

That file is fine, it belongs to CD emulation software like Daemon Tools.

I recommend you to reinstall your ESET security software (uninstall first). Also please check that your system date and time is set correctly.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#13 yoyosmuggler

yoyosmuggler
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:lousyana
  • Local time:02:05 PM

Posted 02 January 2011 - 08:47 PM

time and date are correct i never had a chANGE in them and i have reinstalled eset nod32.

i know this is off topic but can you recommend a duplicate file finder. i have alot of video files and i know there are duplicates and since my hard drive is full ESET keeps getting stuck saying not enough memory

Edited by yoyosmuggler, 02 January 2011 - 11:19 PM.

  • Operating System
    win 7 64 SP1
  • Antivirus Software
    ESET
  • Firewall
    built in
  • Computer
    Personal laptop
  • CPU
    Intel Core I5-2430M CPU @ 240 GHz
  • Motherboard
    ASUS. the one that came with it
  • Ram
    6.00 GB
  • Storage
    Hitachi HTS547564A9E384 - 571GB
  • Video Card
    don't know
  • Soundcard
    don't know
  • Power Supply
    Microsoft AC adapter
  • Case
    ASUS U56E

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,644 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:05 PM

Posted 03 January 2011 - 04:49 AM

I do not recommend duplicate file finders, because they are not reliable IMO. I'd recommend you to do it manually.

Try to move personal files to external drives/dvd's to free up spac

Drive C: | 453.89 Gb Total Space | 15.24 Gb Free Space | 3.36% Space Free | Partition Type: NTFSe.

Before you free up space there isn't a lot we can do here. Windows needs approx. 25% free space in order to function optimally, so its only normal you are experiencing problems now.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#15 yoyosmuggler

yoyosmuggler
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:lousyana
  • Local time:02:05 PM

Posted 03 January 2011 - 01:44 PM

ok i'm gonna free up some space. i have had that same amount of space available for a while and was previously able to run ESET but since uninstalling ESET and reinstalling i keep getting the not enough space error message.

the first two lines in this img. have always been the same i never knew why but it still ran the scan fine.


Posted Image
  • Operating System
    win 7 64 SP1
  • Antivirus Software
    ESET
  • Firewall
    built in
  • Computer
    Personal laptop
  • CPU
    Intel Core I5-2430M CPU @ 240 GHz
  • Motherboard
    ASUS. the one that came with it
  • Ram
    6.00 GB
  • Storage
    Hitachi HTS547564A9E384 - 571GB
  • Video Card
    don't know
  • Soundcard
    don't know
  • Power Supply
    Microsoft AC adapter
  • Case
    ASUS U56E




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users