Win32/Olmarik Trojan Removal Help


  • This topic is locked
15 replies to this topic

#1 CraigWI

CraigWI

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:11 AM

Posted 16 April 2011 - 10:42 AM

Hey all, firstly thanks to all who contribute to this.
ESET NOD32 4.2.71.2 (with latest definitions) has picked up "Win32/Olmarik Trojan". I've tried using Malwarebytes Anti-Malware and SUPERAntiSpyware to remove it, but no luck, and ESET NOD32 certainly won't remove it.
Attached are the DDS and GMER logs:

DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Toshiba at 22:42:11.56 on Sat 16/04/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3037.1824 [GMT 10:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\atieclxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\windows\system32\sppsvc.exe
C:\Users\Toshiba\Desktop\dds.scr
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=google
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - c:\program files\messenger_plus_live_australia\tbMes1.dll
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\prxtbTog0.dll
mURLSearchHooks: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - c:\program files\messenger_plus_live_australia\tbMes1.dll
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\prxtbTog0.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\prxtbTog0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - c:\program files\messenger_plus_live_australia\tbMes1.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - c:\program files\messenger_plus_live_australia\tbMes1.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\prxtbTog0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\users\toshiba\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-16 64512]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-1-18 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-7-18 181616]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-12-21 41336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-1 1753048]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 181616]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-1-18 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-18 167936]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-1-18 859136]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-1-18 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-4 111960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-19 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\HPx9G2k.sys [2008-5-27 12658]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-1 15232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-18 171520]
S3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys [2009-8-28 95904]
S3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\drivers\RTL2831UUSB.sys [2009-8-28 32800]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-28 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-04-16 12:40:33 -------- d-----w- c:\users\toshiba\appdata\local\{38B8862C-4CB7-4F13-84CA-363E6212BC39}
2011-04-16 12:21:11 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-16 12:21:07 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-16 12:20:43 -------- d-----w- c:\users\toshiba\appdata\local\Sunbelt Software
2011-04-16 12:20:04 -------- dc-h--w- c:\progra~2\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-16 12:19:39 -------- d-----w- c:\program files\Lavasoft
2011-04-16 12:05:41 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-16 12:05:38 -------- d-----w- c:\users\toshiba\appdata\local\temp
2011-04-16 09:05:06 -------- d-----w- c:\users\toshiba\appdata\roaming\SUPERAntiSpyware.com
2011-04-16 09:05:06 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-04-16 09:04:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-16 07:50:56 -------- d-----w- c:\users\toshiba\appdata\local\Apps
2011-04-16 07:10:22 -------- d-----w- c:\users\toshiba\appdata\roaming\Malwarebytes
2011-04-16 07:10:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 07:10:17 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-16 07:10:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 07:10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 03:56:15 -------- d-----w- c:\users\toshiba\appdata\roaming\ESET
2011-04-16 03:56:15 -------- d-----w- c:\users\toshiba\appdata\local\ESET
2011-04-16 03:54:52 -------- d-----w- c:\program files\ESET
2011-04-16 01:20:22 -------- d-----w- c:\windows\system32\SPReview
2011-04-16 01:18:43 -------- d-----w- c:\windows\system32\EventProviders
2011-04-16 01:18:31 -------- d-----w- C:\63eea4a7df5862e981c292cb
2011-04-16 01:11:59 49488 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-16 01:10:59 325632 ----a-w- c:\windows\system32\slui.exe
2011-04-16 01:09:17 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-16 01:09:17 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-16 01:09:16 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-04-16 01:09:16 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-16 01:09:01 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-16 01:08:50 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-16 01:08:50 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-04-16 01:07:42 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-16 01:07:42 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-16 00:37:17 -------- d-----w- c:\users\toshiba\appdata\local\{36FECADB-55F1-4913-9C05-97E06D04DD0C}
2011-04-15 13:17:39 -------- d-----w- c:\users\toshiba\appdata\local\ToggleEN
2011-04-15 13:17:39 -------- d-----w- c:\users\toshiba\appdata\local\ConduitEngine
2011-04-15 12:37:06 -------- d-----w- c:\users\toshiba\appdata\local\{B8C48358-4E13-4769-A405-CB3A3B9677D4}
2011-04-15 00:47:34 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 00:47:34 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 00:47:33 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 00:47:29 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 00:47:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 00:47:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 00:47:28 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 00:46:57 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 00:46:54 802304 ----a-w- c:\windows\system32\WFS.exe
2011-04-15 00:46:54 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 00:46:51 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 00:46:48 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 00:46:45 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 00:46:45 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 00:46:41 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 00:46:41 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 00:46:41 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 00:46:41 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 00:40:39 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{dcbb3d6d-8fb2-4c03-ab60-1d9d2226ec02}\mpengine.dll
2011-04-15 00:36:40 -------- d-----w- c:\users\toshiba\appdata\local\{ABB7B861-79F3-496E-8C99-6D84BB6352EB}
2011-04-14 09:30:21 -------- d-----w- c:\users\toshiba\appdata\local\{F9E701CF-3127-4F6C-B024-B0B901EFDC3E}
2011-04-13 21:29:55 -------- d-----w- c:\users\toshiba\appdata\local\{A309CC34-B38B-44A7-B88F-A4CB0862F8B0}
2011-04-13 00:55:57 -------- d-----w- c:\users\toshiba\appdata\local\{932A0323-3E52-48EA-94FE-59D93E4254DD}
2011-04-12 12:16:41 -------- d-----w- c:\users\toshiba\appdata\local\{3DE9C516-7ED0-4F8C-878C-5718E8ED0F02}
2011-04-12 00:18:50 -------- d-----w- c:\program files\bfgclient
2011-04-12 00:16:16 -------- d-----w- c:\users\toshiba\appdata\local\{1AB05C69-3E09-4243-8215-36E5E4A52472}
2011-04-11 07:26:58 92208 ----a-w- c:\windows\system32\WING.DLL
2011-04-11 02:31:58 -------- d-----w- c:\users\toshiba\appdata\local\{67CEFC8D-EC27-4E88-B179-7D88354BB6CF}
2011-04-11 02:25:25 -------- d-----w- c:\windows\en
2011-04-11 02:23:19 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-11 02:23:19 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-11 02:23:17 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-11 02:17:56 15712 ----a-w- c:\program files\common files\windows live\.cache\ab9b4eb61cbf7ee0d\MeshBetaRemover.exe
2011-04-11 02:11:30 -------- d-----w- c:\progra~2\Big Fish Games
2011-04-11 02:10:00 -------- d-----w- C:\BigFishGamesCache
2011-04-11 00:55:14 -------- d-----w- c:\users\toshiba\appdata\local\{4A2ADBCA-97EE-4FDF-83C7-4EC093662A08}
2011-04-10 11:00:39 -------- d-----w- c:\users\toshiba\appdata\local\{275B0EDC-09AF-4D14-91CC-354B32D0B857}
2011-04-09 22:59:49 -------- d-----w- c:\users\toshiba\appdata\local\{3B2A8FF1-D5D0-4922-82D2-25197B41E197}
2011-04-09 18:44:44 -------- d-----w- c:\users\toshiba\appdata\local\{E15B8016-B3BC-4666-84A7-E70656F522BD}
2011-04-09 06:42:50 -------- d-----w- c:\users\toshiba\appdata\local\{170C386D-E6F3-4548-AFFB-90FDB0622129}
2011-04-09 06:37:36 -------- d-----w- c:\users\toshiba\appdata\local\{64A13EA7-93A4-4DFF-B19C-8324770422A5}
2011-04-09 06:31:50 -------- d-----w- c:\users\toshiba\appdata\local\{5019AE5F-F43C-45B3-AEEB-B052B4038428}
2011-04-08 10:43:24 -------- d-----w- c:\users\toshiba\appdata\local\{8D0F83BD-32CA-4B5C-ACC4-76522FA1D4C8}
2011-04-06 06:48:15 -------- d-----w- c:\users\toshiba\appdata\local\{3E8E4C44-A5CF-4029-A354-DE84D102E5C1}
2011-04-05 10:12:39 -------- d-----w- c:\users\toshiba\appdata\local\{50D133E7-6427-43A2-A0DA-F22D0E86EB68}
2011-04-04 22:12:14 -------- d-----w- c:\users\toshiba\appdata\local\{3ACD002D-9243-43F7-892A-ECC7F7755C8B}
2011-04-04 10:58:01 5027 ----a-w- c:\users\toshiba\appdata\local\elahemofivu.dll
2011-04-04 06:47:59 -------- d-----w- c:\users\toshiba\appdata\local\{8FBD8347-DDBB-4584-B076-D48FADA51B61}
2011-04-03 10:05:03 -------- d-----w- c:\users\toshiba\appdata\local\{AF58581A-C43C-4FCF-8751-17FFA5F93DFC}
2011-04-02 00:58:49 0 ----a-w- c:\users\toshiba\appdata\local\Idorap.bin
2011-04-01 23:09:52 -------- d-----w- c:\users\toshiba\appdata\roaming\Heritage Key VX Viewer
2011-03-28 09:28:53 -------- d-----w- c:\progra~2\EPSON
2011-03-26 00:23:03 -------- d-----w- c:\users\toshiba\FrostWire
2011-03-25 23:02:26 -------- d-----w- c:\program files\Microsoft
.
==================== Find3M ====================
.
2011-04-16 01:27:18 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-15 13:18:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 05:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 07:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: TOSHIBA_ rev.GC00 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8780AECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x9dbf3879; SUB DWORD [EBP-0x4], 0x9dbf3135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x8304A52F] -> \Device\Harddisk0\DR0[0x874B8AA0]
3 CLASSPNP[0x8BE8459E] -> ntkrnlpa!IofCallDriver[0x8304A52F] -> \IAAStorageDevice-1[0x86A65028]
[0x874FA478] -> IRP_MJ_CREATE -> 0x8780AECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskTOSHIBA_MK3263GSXN______________________GC002M__#4&2a5f735&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 625142446 (+181): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:47:14.64 ===============

GMER log:
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-17 01:40:06
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.GC00
Running: gmer.exe; Driver: C:\Users\Toshiba\AppData\Local\Temp\awdirfow.sys
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 83051339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8308AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8BB98000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8BBDD000, 0x3DC, 0x48000040]
.rsrc C:\windows\system32\DRIVERS\vwififlt.sys entry point in ".rsrc" section [0x83D48014]
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91E11000, 0x2D5526, 0xE8000020]
? C:\Users\Toshiba\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[300] kernel32.dll!SetUnhandledExceptionFilter 77763D01 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0 8780AAF1
Device \Driver\iaStor -> DriverStartIo \Device\Ide\IAAStorageDevice-0 8780AAF1

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskTOSHIBA_MK3263GSXN______________________GC002M__#4&2a5f735&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01D88.log 1048576 bytes
File C:\windows\system32\DRIVERS\vwififlt.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

Please help.
Thank you

Attached Files

  • Attached File  DDS.txt   24.46KB   2 downloads
  • Attached File  ark.txt   14.33KB   2 downloads



#2 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:11 PM

Posted 16 April 2011 - 12:55 PM

Welcome to BC!

We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please also attach the file Attach.txt on your desktop in your reply.

Edited by heir, 16 April 2011 - 03:03 PM.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#3 CraigWI

CraigWI
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:11 AM

Posted 16 April 2011 - 07:39 PM

Thanks Heir...
Having a bit of difficulty with ComboFix..
It says 2 things are active, even though I've disabled ESET NOD32, Windows Firewall etc. etc.
Antivirus: AntiVir Desktop
Antispyware: AntiVir Desktop
I think this may be because I uninstalled the Avira Antivirus Premium suite yesterday, and it's still got some files left over?
I uninstalled it through the Windows uninstaller, then ran registry cleaners etc. to hopefully remove all traces, but after doing a search for Avira, no results have been found :S

Anyway, here is the ComboFix log:
ComboFix 11-04-15.03 - Toshiba 17/04/2011 11:26:11.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3037.1842 [GMT 10:00]
Running from: c:\users\Toshiba\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-03-17 to 2011-04-17 )))))))))))))))))))))))))))))))
.
.
2011-04-16 09:05 . 2011-04-16 09:05 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com
2011-04-16 09:05 . 2011-04-16 09:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-16 09:04 . 2011-04-16 09:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-16 07:50 . 2011-04-16 07:50 -------- d-----w- c:\users\Toshiba\AppData\Local\Apps
2011-04-16 07:10 . 2011-04-16 07:10 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Malwarebytes
2011-04-16 07:10 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 07:10 . 2011-04-16 07:10 -------- d-----w- c:\programdata\Malwarebytes
2011-04-16 07:10 . 2011-04-16 07:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 07:10 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 03:56 . 2011-04-16 03:56 -------- d-----w- c:\users\Toshiba\AppData\Local\ESET
2011-04-16 03:54 . 2011-04-16 03:54 -------- d-----w- c:\program files\ESET
2011-04-16 01:20 . 2011-04-16 01:20 -------- d-----w- c:\windows\system32\SPReview
2011-04-16 01:18 . 2011-04-16 01:18 -------- d-----w- c:\windows\system32\EventProviders
2011-04-16 01:18 . 2011-04-16 01:20 -------- d-----w- C:\63eea4a7df5862e981c292cb
2011-04-16 01:11 . 2010-11-20 12:19 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-16 01:10 . 2010-11-20 12:21 233472 ----a-w- c:\windows\system32\taskbarcpl.dll
2011-04-16 01:09 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-16 01:09 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-16 01:09 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-16 01:09 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-04-16 01:09 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-16 01:08 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-04-16 01:08 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-16 01:07 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-16 01:07 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-16 00:37 . 2011-04-16 00:37 -------- d-----w- c:\users\Toshiba\AppData\Local\{36FECADB-55F1-4913-9C05-97E06D04DD0C}
2011-04-15 13:17 . 2011-04-15 13:18 -------- d-----w- c:\users\Toshiba\AppData\Local\ConduitEngine
2011-04-15 13:17 . 2011-04-15 13:18 -------- d-----w- c:\users\Toshiba\AppData\Local\ToggleEN
2011-04-15 12:37 . 2011-04-15 12:37 -------- d-----w- c:\users\Toshiba\AppData\Local\{B8C48358-4E13-4769-A405-CB3A3B9677D4}
2011-04-15 00:47 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 00:47 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 00:47 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 00:47 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 00:47 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 00:47 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 00:47 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 00:46 . 2011-03-03 03:42 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 00:46 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 00:46 . 2010-11-20 12:17 802304 ----a-w- c:\windows\system32\WFS.exe
2011-04-15 00:46 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 00:46 . 2011-03-08 05:28 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 00:46 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 00:46 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 00:46 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 00:46 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 00:46 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 00:46 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 00:40 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCBB3D6D-8FB2-4C03-AB60-1D9D2226EC02}\mpengine.dll
2011-04-15 00:36 . 2011-04-15 00:36 -------- d-----w- c:\users\Toshiba\AppData\Local\{ABB7B861-79F3-496E-8C99-6D84BB6352EB}
2011-04-14 09:30 . 2011-04-14 09:30 -------- d-----w- c:\users\Toshiba\AppData\Local\{F9E701CF-3127-4F6C-B024-B0B901EFDC3E}
2011-04-13 21:29 . 2011-04-13 21:30 -------- d-----w- c:\users\Toshiba\AppData\Local\{A309CC34-B38B-44A7-B88F-A4CB0862F8B0}
2011-04-13 00:55 . 2011-04-13 00:56 -------- d-----w- c:\users\Toshiba\AppData\Local\{932A0323-3E52-48EA-94FE-59D93E4254DD}
2011-04-12 12:16 . 2011-04-12 12:16 -------- d-----w- c:\users\Toshiba\AppData\Local\{3DE9C516-7ED0-4F8C-878C-5718E8ED0F02}
2011-04-12 00:18 . 2011-04-12 00:19 -------- d-----w- c:\program files\bfgclient
2011-04-12 00:16 . 2011-04-12 00:16 -------- d-----w- c:\users\Toshiba\AppData\Local\{1AB05C69-3E09-4243-8215-36E5E4A52472}
2011-04-11 07:26 . 1995-01-29 14:00 92208 ----a-w- c:\windows\system32\WING.DLL
2011-04-11 02:31 . 2011-04-11 02:32 -------- d-----w- c:\users\Toshiba\AppData\Local\{67CEFC8D-EC27-4E88-B179-7D88354BB6CF}
2011-04-11 02:25 . 2011-04-11 02:25 -------- d-----w- c:\windows\en
2011-04-11 02:23 . 2009-09-04 07:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-11 02:23 . 2009-09-04 07:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-11 02:23 . 2009-09-04 07:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-11 02:17 . 2011-04-11 02:17 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\ab9b4eb61cbf7ee0d\MeshBetaRemover.exe
2011-04-11 02:11 . 2011-04-12 00:18 -------- d-----w- c:\programdata\Big Fish Games
2011-04-11 02:10 . 2011-04-12 00:19 -------- d-----w- C:\BigFishGamesCache
2011-04-11 00:55 . 2011-04-11 00:55 -------- d-----w- c:\users\Toshiba\AppData\Local\{4A2ADBCA-97EE-4FDF-83C7-4EC093662A08}
2011-04-10 11:00 . 2011-04-10 11:00 -------- d-----w- c:\users\Toshiba\AppData\Local\{275B0EDC-09AF-4D14-91CC-354B32D0B857}
2011-04-09 22:59 . 2011-04-09 23:00 -------- d-----w- c:\users\Toshiba\AppData\Local\{3B2A8FF1-D5D0-4922-82D2-25197B41E197}
2011-04-09 18:44 . 2011-04-09 18:44 -------- d-----w- c:\users\Toshiba\AppData\Local\{E15B8016-B3BC-4666-84A7-E70656F522BD}
2011-04-09 06:42 . 2011-04-09 06:43 -------- d-----w- c:\users\Toshiba\AppData\Local\{170C386D-E6F3-4548-AFFB-90FDB0622129}
2011-04-09 06:37 . 2011-04-09 06:37 -------- d-----w- c:\users\Toshiba\AppData\Local\{64A13EA7-93A4-4DFF-B19C-8324770422A5}
2011-04-09 06:31 . 2011-04-09 06:31 -------- d-----w- c:\users\Toshiba\AppData\Local\{5019AE5F-F43C-45B3-AEEB-B052B4038428}
2011-04-08 10:43 . 2011-04-08 10:43 -------- d-----w- c:\users\Toshiba\AppData\Local\{8D0F83BD-32CA-4B5C-ACC4-76522FA1D4C8}
2011-04-06 06:48 . 2011-04-06 06:48 -------- d-----w- c:\users\Toshiba\AppData\Local\{3E8E4C44-A5CF-4029-A354-DE84D102E5C1}
2011-04-05 10:12 . 2011-04-05 10:12 -------- d-----w- c:\users\Toshiba\AppData\Local\{50D133E7-6427-43A2-A0DA-F22D0E86EB68}
2011-04-04 22:12 . 2011-04-04 22:12 -------- d-----w- c:\users\Toshiba\AppData\Local\{3ACD002D-9243-43F7-892A-ECC7F7755C8B}
2011-04-04 10:58 . 2011-04-04 10:58 5027 ----a-w- c:\users\Toshiba\AppData\Local\elahemofivu.dll
2011-04-04 06:47 . 2011-04-04 06:48 -------- d-----w- c:\users\Toshiba\AppData\Local\{8FBD8347-DDBB-4584-B076-D48FADA51B61}
2011-04-03 10:05 . 2011-04-03 10:05 -------- d-----w- c:\users\Toshiba\AppData\Local\{AF58581A-C43C-4FCF-8751-17FFA5F93DFC}
2011-04-02 00:58 . 2011-04-16 01:51 0 ----a-w- c:\users\Toshiba\AppData\Local\Idorap.bin
2011-04-01 23:09 . 2011-04-11 07:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Heritage Key VX Viewer
2011-04-01 22:13 . 2011-04-01 22:13 -------- d-----w- c:\program files\Hewlett-Packard
2011-03-28 09:28 . 2011-03-28 09:29 -------- d-----w- c:\programdata\EPSON
2011-03-26 00:23 . 2011-03-26 00:23 -------- d-----w- c:\users\Toshiba\FrostWire
2011-03-25 23:02 . 2011-03-25 23:02 -------- d-----w- c:\program files\Microsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-16 01:27 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-15 13:18 . 2011-03-10 10:47 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-08 21:03 . 2010-06-24 00:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-22 08:12 . 2011-02-22 08:12 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-02-19 06:30 . 2011-03-09 07:28 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-09 07:28 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-09 07:28 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 05:36 . 2011-02-18 05:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 05:36 . 2011-02-18 05:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 05:54 . 2011-02-09 05:57 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 07:11 . 2010-03-19 06:24 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ea0969b3-6e12-4ac0-b6c9-148e81247954}"= "c:\program files\Messenger_Plus_Live_Australia\tbMes1.dll" [2010-05-15 2515552]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ToggleEN\prxtbTog0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 05:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
2010-05-15 07:26 2515552 ----a-w- c:\program files\Messenger_Plus_Live_Australia\tbMes1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{ea0969b3-6e12-4ac0-b6c9-148e81247954}"= "c:\program files\Messenger_Plus_Live_Australia\tbMes1.dll" [2010-05-15 2515552]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{EA0969B3-6E12-4AC0-B6C9-148E81247954}"= "c:\program files\Messenger_Plus_Live_Australia\tbMes1.dll" [2010-05-15 2515552]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-18 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 4240760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-04-16 2219184]
.
c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-22 717296]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\DRIVERS\HPx9G2k.sys [2008-05-26 12658]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys [2009-08-27 95904]
R3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\Drivers\RTL2831UUSB.sys [2009-08-27 32800]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 181616]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 07:35]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 07:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=google
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-RegistryMechanic - (no file)
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: TOSHIBA_ rev.GC00 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8784BECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x9dbf3879; SUB DWORD [EBP-0x4], 0x9dbf3135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x8304E52F] -> \Device\Harddisk0\DR0[0x874B21C8]
3 CLASSPNP[0x8BA0459E] -> ntkrnlpa!IofCallDriver[0x8304E52F] -> \IAAStorageDevice-1[0x86A62028]
[0x875A3618] -> IRP_MJ_CREATE -> 0x8784BECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskTOSHIBA_MK3263GSXN______________________GC002M__#4&2a5f735&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 625142446 (+187): user != kernel
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000001
"ProductCode"="{38D80A4C-D893-4985-BA3F-0B1D9E848CED}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.2.71.2"
"UniqueId"="000B77224DA9134F"
"ScannerBuild"=dword:00001dd3
"ScannerVersionId"=dword:000015fe
"ScannerVersion"="ready"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-17 11:43:15
ComboFix-quarantined-files.txt 2011-04-17 01:43
.
Pre-Run: 18,580,631,552 bytes free
Post-Run: 18,478,862,336 bytes free
.
- - End Of File - - 2DFA095851C98977390C08D13625A459

Please hurry, as I need this ASAP. Will donate some money for quick help :)


Edited by CraigWI, 17 April 2011 - 07:29 PM.


#4 CraigWI

CraigWI
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:11 AM

Posted 17 April 2011 - 07:28 PM

EDIT: Double post, sorry.
Please remove.

Edited by CraigWI, 17 April 2011 - 07:36 PM.


#5 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:11 PM

Posted 18 April 2011 - 01:29 AM

Please hurry, as I need this ASAP

There is seldom a quick fix for malware issues. And besides, I have another life as well; I don't spend all my time replying to topics here.

Please don't edit your post as I don't get notified when posts get edited. Just post a new reply with additional information.


It says 2 things are active, even though I've disabled ESET NOD32, Windows Firewall etc. etc.
Antivirus: AntiVir Desktop
Antispyware: AntiVir Desktop
I think this may be because I uninstalled the Avira Antivirus Premium suite yesterday, and it's still got some files left over?
I uninstalled it through the Windows uninstaller, then ran registry cleaners etc. to hopefully remove all traces, but after doing a search for Avira, no results have been found :S

What registry cleaner? CCleaner, I assume; not a good call.


Something I should point out regarding CCleaner, Glary Utilities, TuneUp Utilities and similar products:

It's not recommended to use registry cleaners. These often cause more problems than they fix. One of the Experts here at Geekstogo, miekiemoes, has an excellent writeup here.
Another excellent article by Bill Castner is located here.



Your UAC settings are not the default. Is this something you've changed on purpose?


R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-22 717296]

You need to disable your CD emulation software properly. Go Here and perform step 6.


Step 1.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following:

Ask Toolbar
CCleaner
Conduit Engine
FrostWire 4.21.5
WildTangent Games



Optional removals

FrostWire and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
Ask Toolbar, Conduit Engine and WildTangent Games are considered foistware.
CCleaner is a registry cleaner.
It's up to you if you want to remove the above programs; however, I recommend you do.

Step 2.
Remove leftovers from security software:

Use the Avira AntiVir Removal Tool and the Avira AntiVir RegistryCleaner to completely remove Avira.


Step 3.
TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4.
CFScript:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Dirlook::
c:\users\Toshiba\AppData\Local\{ABB7B861-79F3-496E-8C99-6D84BB6352EB}
c:\users\Toshiba\AppData\Local\{F9E701CF-3127-4F6C-B024-B0B901EFDC3E}
c:\users\Toshiba\AppData\Local\{A309CC34-B38B-44A7-B88F-A4CB0862F8B0}
c:\users\Toshiba\AppData\Local\{932A0323-3E52-48EA-94FE-59D93E4254DD}
c:\users\Toshiba\AppData\Local\{3DE9C516-7ED0-4F8C-878C-5718E8ED0F02}
c:\users\Toshiba\AppData\Local\{1AB05C69-3E09-4243-8215-36E5E4A52472}
c:\users\Toshiba\AppData\Local\{67CEFC8D-EC27-4E88-B179-7D88354BB6CF}
c:\users\Toshiba\AppData\Local\{4A2ADBCA-97EE-4FDF-83C7-4EC093662A08}
c:\users\Toshiba\AppData\Local\{275B0EDC-09AF-4D14-91CC-354B32D0B857}
c:\users\Toshiba\AppData\Local\{3B2A8FF1-D5D0-4922-82D2-25197B41E197}
c:\users\Toshiba\AppData\Local\{E15B8016-B3BC-4666-84A7-E70656F522BD}
c:\users\Toshiba\AppData\Local\{170C386D-E6F3-4548-AFFB-90FDB0622129}
c:\users\Toshiba\AppData\Local\{64A13EA7-93A4-4DFF-B19C-8324770422A5}
c:\users\Toshiba\AppData\Local\{5019AE5F-F43C-45B3-AEEB-B052B4038428}
c:\users\Toshiba\AppData\Local\{8D0F83BD-32CA-4B5C-ACC4-76522FA1D4C8}
c:\users\Toshiba\AppData\Local\{3E8E4C44-A5CF-4029-A354-DE84D102E5C1}
c:\users\Toshiba\AppData\Local\{50D133E7-6427-43A2-A0DA-F22D0E86EB68}
c:\users\Toshiba\AppData\Local\{3ACD002D-9243-43F7-892A-ECC7F7755C8B}
c:\users\Toshiba\AppData\Local\{8FBD8347-DDBB-4584-B076-D48FADA51B61}
c:\users\Toshiba\AppData\Local\{AF58581A-C43C-4FCF-8751-17FFA5F93DFC}

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 5.
Things I would like to see in your reply:

  • Which software was uninstalled in step 1.
  • The content of the log from TDSSKiller in step 3.
  • The content of C:\ComboFix.txt in step 4.
  • Information on how your computer is running after those steps.

Edited by heir, 18 April 2011 - 01:32 AM.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image
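The TDSSKiller log requested in step 3 lists every loaded driver with its md5 and path. When the TDL3 rootkit's disk filter is hiding a patched driver, the tool adds a "Suspicious file (Forged)" line carrying two hashes (the real one from the raw disk read and the fake one the normal read path returns) and then a "- detected" verdict line for that driver. The parser below is an added example, not code from this post or from Kaspersky's TDSSKiller; it pulls those entries out of a log so the forged driver, both hashes and the verdict can be checked in one place. The regular expressions are assumptions modelled on the log format posted in this thread, and the sample log is constructed for the example (the vwififlt lines copy the values posted in the thread).

```python
"""Pull forged-driver findings out of a TDSSKiller log.

Added example: not code from the forum post or from Kaspersky's TDSSKiller.
The regexes are assumptions modelled on the log lines shown in this thread.
"""
import re
from dataclasses import dataclass

# Listing line: <date> <time> <tid> <name> (<md5>) <path>
DRIVER_RE = re.compile(
    r"^\S+ \S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Emitted when the raw-disk read and the normal read path disagree.
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
# Verdict line: <date> <time> <tid> <name> - detected <verdict> (<n>)
DETECTED_RE = re.compile(r"^\S+ \S+ \d+ (?P<name>\S+) - detected (?P<verdict>\S+)")


@dataclass
class Finding:
    name: str
    path: str
    real_md5: str   # hash of the bytes actually on disk
    fake_md5: str   # hash handed back through the (hooked) normal read path
    verdict: str

    @property
    def is_forged(self) -> bool:
        # A hooked read path returns different bytes than the raw disk holds.
        return bool(self.fake_md5) and self.real_md5 != self.fake_md5


def parse_tdsskiller_log(lines):
    """Return one Finding per '- detected' line, joined to its driver entry."""
    drivers = {}          # driver name -> (md5, path) from listing lines
    forged_by_path = {}   # path -> (real_md5, fake_md5) from Forged lines
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FORGED_RE.search(line)
        if m:
            forged_by_path[m.group("path")] = (m.group("real"), m.group("fake"))
            continue
        m = DETECTED_RE.match(line)
        if m:
            name = m.group("name")
            md5, path = drivers.get(name, ("", ""))
            real, fake = forged_by_path.get(path, (md5, ""))
            findings.append(Finding(name, path, real, fake, m.group("verdict")))
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers[m.group("name")] = (m.group("md5"), m.group("path"))
    return findings


# Constructed sample: two clean listing lines around the three vwififlt
# lines, with the values posted in this thread.
SAMPLE_LOG = r"""
2011/04/18 20:07:51.0228 4944 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/04/18 20:07:51.0384 4944 vwififlt (22cb3059eaa839ac178baac9090106c8) C:\windows\system32\DRIVERS\vwififlt.sys
2011/04/18 20:07:51.0384 4944 Suspicious file (Forged): C:\windows\system32\DRIVERS\vwififlt.sys. Real md5: 22cb3059eaa839ac178baac9090106c8, Fake md5: 7090d3436eeb4e7da3373090a23448f7
2011/04/18 20:07:51.0399 4944 vwififlt - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/04/18 20:07:51.0540 4944 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
"""


if __name__ == "__main__":
    for f in parse_tdsskiller_log(SAMPLE_LOG.splitlines()):
        flag = "FORGED" if f.is_forged else "flagged"
        print(f"{flag}: {f.name} {f.path} verdict={f.verdict}")
        print(f"  real md5 {f.real_md5}\n  fake md5 {f.fake_md5}")
```

Run it against a saved TDSSKiller_*_log.txt by passing `open(path).readlines()` to `parse_tdsskiller_log`. A driver whose two hashes differ is the one the rootkit is hiding, which is why the helper asks for the log rather than only the tool's on-screen verdict.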


#6 CraigWI

CraigWI
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 18 April 2011 - 06:16 AM

Apologies Heir.
I really do appreciate the help.
UAC was disabled by myself when I first got the computer ages ago...

1. Software uninstalled: All that you listed,
2. TDSSKiller Log
2011/04/18 20:06:55.0146 3804 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 20:06:55.0161 3804 ================================================================================
2011/04/18 20:06:55.0161 3804 SystemInfo:
2011/04/18 20:06:55.0161 3804
2011/04/18 20:06:55.0161 3804 OS Version: 6.1.7601 ServicePack: 1.0
2011/04/18 20:06:55.0161 3804 Product type: Workstation
2011/04/18 20:06:55.0161 3804 ComputerName: TOSHIBA-PC
2011/04/18 20:06:55.0161 3804 UserName: Toshiba
2011/04/18 20:06:55.0161 3804 Windows directory: C:\windows
2011/04/18 20:06:55.0161 3804 System windows directory: C:\windows
2011/04/18 20:06:55.0161 3804 Processor architecture: Intel x86
2011/04/18 20:06:55.0161 3804 Number of processors: 2
2011/04/18 20:06:55.0161 3804 Page size: 0x1000
2011/04/18 20:06:55.0161 3804 Boot type: Normal boot
2011/04/18 20:06:55.0161 3804 ================================================================================
2011/04/18 20:06:55.0536 3804 Initialize success
2011/04/18 20:07:05.0754 4944 ================================================================================
2011/04/18 20:07:05.0754 4944 Scan started
2011/04/18 20:07:05.0754 4944 Mode: Manual;
2011/04/18 20:07:05.0754 4944 ================================================================================
2011/04/18 20:07:06.0315 4944 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
2011/04/18 20:07:06.0503 4944 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
2011/04/18 20:07:07.0485 4944 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
2011/04/18 20:07:07.0688 4944 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/04/18 20:07:07.0938 4944 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/04/18 20:07:08.0109 4944 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/04/18 20:07:08.0328 4944 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\windows\system32\drivers\afd.sys
2011/04/18 20:07:08.0546 4944 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
2011/04/18 20:07:08.0687 4944 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
2011/04/18 20:07:08.0874 4944 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/04/18 20:07:09.0077 4944 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
2011/04/18 20:07:09.0264 4944 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
2011/04/18 20:07:09.0451 4944 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
2011/04/18 20:07:09.0623 4944 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/04/18 20:07:09.0794 4944 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/04/18 20:07:09.0981 4944 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\windows\system32\drivers\amdsata.sys
2011/04/18 20:07:10.0153 4944 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/04/18 20:07:10.0278 4944 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\windows\system32\drivers\amdxata.sys
2011/04/18 20:07:10.0481 4944 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
2011/04/18 20:07:10.0715 4944 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/04/18 20:07:10.0855 4944 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/04/18 20:07:11.0027 4944 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/04/18 20:07:11.0214 4944 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
2011/04/18 20:07:11.0510 4944 atikmdag (c97be8350fbcb1960b22fad2e6c2b514) C:\windows\system32\DRIVERS\atikmdag.sys
2011/04/18 20:07:11.0791 4944 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/04/18 20:07:11.0963 4944 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/04/18 20:07:12.0165 4944 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/04/18 20:07:12.0353 4944 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/04/18 20:07:12.0540 4944 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
2011/04/18 20:07:12.0618 4944 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/04/18 20:07:12.0743 4944 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/04/18 20:07:12.0930 4944 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/04/18 20:07:13.0086 4944 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/04/18 20:07:13.0226 4944 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/04/18 20:07:13.0367 4944 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/04/18 20:07:13.0491 4944 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/04/18 20:07:13.0959 4944 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/04/18 20:07:14.0162 4944 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
2011/04/18 20:07:14.0381 4944 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/04/18 20:07:14.0505 4944 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/04/18 20:07:14.0739 4944 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/04/18 20:07:14.0880 4944 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
2011/04/18 20:07:15.0020 4944 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/04/18 20:07:15.0192 4944 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/04/18 20:07:15.0379 4944 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
2011/04/18 20:07:15.0566 4944 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/04/18 20:07:15.0785 4944 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
2011/04/18 20:07:15.0925 4944 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/04/18 20:07:16.0112 4944 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/04/18 20:07:16.0315 4944 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/04/18 20:07:16.0471 4944 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
2011/04/18 20:07:16.0658 4944 eamonm (04cba07e73f152970fc34d66d3892e2a) C:\windows\system32\DRIVERS\eamonm.sys
2011/04/18 20:07:16.0892 4944 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/04/18 20:07:17.0157 4944 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\windows\system32\DRIVERS\ehdrv.sys
2011/04/18 20:07:17.0391 4944 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/04/18 20:07:17.0579 4944 epfw (73411c14a8c6062bb6a510772cf2f38c) C:\windows\system32\DRIVERS\epfw.sys
2011/04/18 20:07:17.0750 4944 Epfwndis (490329bf80f333e788df9596a752a915) C:\windows\system32\DRIVERS\Epfwndis.sys
2011/04/18 20:07:18.0000 4944 epfwwfp (c62068dab6e2510fb231286d3da63dfa) C:\windows\system32\DRIVERS\epfwwfp.sys
2011/04/18 20:07:18.0203 4944 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
2011/04/18 20:07:18.0390 4944 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/04/18 20:07:18.0546 4944 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/04/18 20:07:18.0717 4944 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/04/18 20:07:18.0858 4944 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/04/18 20:07:18.0983 4944 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/04/18 20:07:19.0139 4944 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/04/18 20:07:19.0295 4944 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/04/18 20:07:19.0466 4944 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/04/18 20:07:19.0669 4944 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys
2011/04/18 20:07:19.0841 4944 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/04/18 20:07:20.0028 4944 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
2011/04/18 20:07:20.0199 4944 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/04/18 20:07:20.0371 4944 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/18 20:07:20.0589 4944 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/04/18 20:07:20.0777 4944 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
2011/04/18 20:07:20.0933 4944 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
2011/04/18 20:07:21.0057 4944 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/04/18 20:07:21.0182 4944 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/04/18 20:07:21.0323 4944 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/04/18 20:07:21.0510 4944 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
2011/04/18 20:07:21.0713 4944 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
2011/04/18 20:07:21.0884 4944 HPx9G+ (3f4d2a4eb2e4be51c5e75e579ff34b70) C:\windows\system32\DRIVERS\HPx9G2k.sys
2011/04/18 20:07:22.0071 4944 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
2011/04/18 20:07:22.0212 4944 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
2011/04/18 20:07:22.0399 4944 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
2011/04/18 20:07:22.0586 4944 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
2011/04/18 20:07:22.0773 4944 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\windows\system32\drivers\iaStorV.sys
2011/04/18 20:07:23.0070 4944 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/04/18 20:07:23.0273 4944 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/04/18 20:07:23.0522 4944 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys
2011/04/18 20:07:23.0678 4944 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
2011/04/18 20:07:23.0850 4944 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/04/18 20:07:23.0990 4944 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/04/18 20:07:24.0162 4944 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
2011/04/18 20:07:24.0287 4944 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/04/18 20:07:24.0489 4944 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/04/18 20:07:24.0630 4944 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
2011/04/18 20:07:24.0770 4944 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
2011/04/18 20:07:24.0942 4944 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
2011/04/18 20:07:25.0113 4944 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
2011/04/18 20:07:25.0269 4944 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
2011/04/18 20:07:25.0425 4944 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
2011/04/18 20:07:25.0613 4944 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/04/18 20:07:25.0815 4944 LPCFilter (6e3d3816749e107883eec5734ce44493) C:\windows\system32\DRIVERS\LPCFilter.sys
2011/04/18 20:07:25.0987 4944 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/04/18 20:07:26.0159 4944 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/04/18 20:07:26.0330 4944 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/04/18 20:07:26.0471 4944 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/04/18 20:07:26.0642 4944 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/04/18 20:07:26.0783 4944 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/04/18 20:07:26.0923 4944 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/04/18 20:07:27.0095 4944 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/04/18 20:07:27.0251 4944 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/04/18 20:07:27.0438 4944 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/04/18 20:07:27.0641 4944 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/04/18 20:07:27.0703 4944 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
2011/04/18 20:07:27.0843 4944 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
2011/04/18 20:07:27.0968 4944 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/04/18 20:07:28.0155 4944 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
2011/04/18 20:07:28.0327 4944 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/04/18 20:07:28.0499 4944 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/04/18 20:07:28.0655 4944 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/04/18 20:07:28.0779 4944 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
2011/04/18 20:07:28.0935 4944 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
2011/04/18 20:07:29.0138 4944 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/04/18 20:07:29.0263 4944 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/04/18 20:07:29.0388 4944 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
2011/04/18 20:07:29.0591 4944 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/04/18 20:07:29.0762 4944 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/04/18 20:07:29.0918 4944 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/04/18 20:07:30.0059 4944 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/04/18 20:07:30.0199 4944 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
2011/04/18 20:07:30.0386 4944 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/04/18 20:07:30.0527 4944 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/04/18 20:07:30.0667 4944 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/04/18 20:07:30.0854 4944 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/04/18 20:07:31.0073 4944 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
2011/04/18 20:07:31.0244 4944 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/04/18 20:07:31.0400 4944 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/04/18 20:07:31.0587 4944 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
2011/04/18 20:07:31.0743 4944 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
2011/04/18 20:07:31.0899 4944 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
2011/04/18 20:07:32.0071 4944 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/04/18 20:07:32.0211 4944 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
2011/04/18 20:07:32.0430 4944 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/04/18 20:07:32.0601 4944 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/04/18 20:07:32.0742 4944 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/04/18 20:07:32.0929 4944 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\windows\system32\drivers\Ntfs.sys
2011/04/18 20:07:33.0085 4944 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/04/18 20:07:33.0257 4944 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\windows\system32\drivers\nvraid.sys
2011/04/18 20:07:33.0397 4944 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\windows\system32\drivers\nvstor.sys
2011/04/18 20:07:33.0553 4944 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
2011/04/18 20:07:33.0725 4944 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
2011/04/18 20:07:33.0927 4944 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/04/18 20:07:34.0068 4944 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
2011/04/18 20:07:34.0208 4944 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/04/18 20:07:34.0364 4944 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
2011/04/18 20:07:34.0551 4944 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
2011/04/18 20:07:34.0692 4944 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/04/18 20:07:34.0832 4944 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/04/18 20:07:34.0973 4944 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/04/18 20:07:35.0129 4944 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
2011/04/18 20:07:35.0331 4944 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/04/18 20:07:35.0472 4944 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/04/18 20:07:35.0643 4944 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/04/18 20:07:35.0846 4944 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\windows\system32\Drivers\PxHelp20.sys
2011/04/18 20:07:36.0018 4944 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/04/18 20:07:36.0174 4944 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/04/18 20:07:36.0314 4944 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/04/18 20:07:36.0455 4944 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/04/18 20:07:36.0626 4944 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/04/18 20:07:36.0798 4944 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/04/18 20:07:36.0969 4944 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/04/18 20:07:37.0141 4944 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/04/18 20:07:37.0281 4944 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
2011/04/18 20:07:37.0437 4944 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/04/18 20:07:37.0578 4944 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/04/18 20:07:37.0734 4944 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/04/18 20:07:37.0890 4944 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/04/18 20:07:38.0030 4944 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
2011/04/18 20:07:38.0233 4944 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
2011/04/18 20:07:38.0483 4944 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/04/18 20:07:38.0685 4944 RSUSBSTOR (ef8b2afc3c0751c5e5a59983c8893260) C:\windows\system32\Drivers\RtsUStor.sys
2011/04/18 20:07:38.0857 4944 RTHDMIAzAudService (72a5515a2031d458dd38e9336594184b) C:\windows\system32\drivers\RtHDMIV.sys
2011/04/18 20:07:39.0060 4944 RTL2831UBDA (2519c5373c8ea17aa7576568952c68ca) C:\windows\system32\drivers\RTL2831UBDA.sys
2011/04/18 20:07:39.0231 4944 RTL2831UUSB (1b437e1066138f2ac92ca063ba742c3f) C:\windows\system32\Drivers\RTL2831UUSB.sys
2011/04/18 20:07:39.0403 4944 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/04/18 20:07:39.0590 4944 rtl8192se (fd0b1d3ce2e7debd0ae8456494d21488) C:\windows\system32\DRIVERS\rtl8192se.sys
2011/04/18 20:07:39.0887 4944 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/18 20:07:40.0074 4944 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/18 20:07:40.0261 4944 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
2011/04/18 20:07:40.0417 4944 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
2011/04/18 20:07:40.0620 4944 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/04/18 20:07:40.0791 4944 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/04/18 20:07:40.0963 4944 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/04/18 20:07:41.0150 4944 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/04/18 20:07:41.0306 4944 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
2011/04/18 20:07:41.0447 4944 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
2011/04/18 20:07:41.0587 4944 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
2011/04/18 20:07:41.0712 4944 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/04/18 20:07:41.0899 4944 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
2011/04/18 20:07:42.0071 4944 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/04/18 20:07:42.0211 4944 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/04/18 20:07:42.0336 4944 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/04/18 20:07:42.0523 4944 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/04/18 20:07:42.0788 4944 sptd (71e276f6d189413266ea22171806597b) C:\windows\System32\Drivers\sptd.sys
2011/04/18 20:07:42.0991 4944 srv (4e636465a8653ba3bf29f929aa578e6f) C:\windows\system32\DRIVERS\srv.sys
2011/04/18 20:07:43.0163 4944 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\windows\system32\DRIVERS\srv2.sys
2011/04/18 20:07:43.0287 4944 srvnet (1346dff5be932939997d373d61a35626) C:\windows\system32\DRIVERS\srvnet.sys
2011/04/18 20:07:43.0506 4944 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\windows\system32\DRIVERS\sscdbus.sys
2011/04/18 20:07:43.0709 4944 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\windows\system32\DRIVERS\sscdmdfl.sys
2011/04/18 20:07:43.0896 4944 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\windows\system32\DRIVERS\sscdmdm.sys
2011/04/18 20:07:44.0083 4944 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/04/18 20:07:44.0255 4944 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
2011/04/18 20:07:44.0457 4944 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
2011/04/18 20:07:44.0691 4944 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\windows\system32\drivers\tcpip.sys
2011/04/18 20:07:44.0910 4944 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\windows\system32\DRIVERS\tcpip.sys
2011/04/18 20:07:45.0081 4944 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
2011/04/18 20:07:45.0253 4944 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/04/18 20:07:45.0393 4944 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
2011/04/18 20:07:45.0549 4944 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
2011/04/18 20:07:45.0721 4944 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
2011/04/18 20:07:45.0861 4944 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
2011/04/18 20:07:46.0095 4944 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
2011/04/18 20:07:46.0298 4944 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/04/18 20:07:46.0485 4944 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
2011/04/18 20:07:46.0673 4944 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
2011/04/18 20:07:46.0844 4944 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/04/18 20:07:47.0016 4944 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
2011/04/18 20:07:47.0156 4944 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/04/18 20:07:47.0312 4944 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
2011/04/18 20:07:47.0499 4944 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
2011/04/18 20:07:47.0671 4944 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
2011/04/18 20:07:47.0811 4944 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/04/18 20:07:47.0999 4944 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\windows\system32\Drivers\usbaapl.sys
2011/04/18 20:07:48.0045 4944 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\drivers\usbccgp.sys
2011/04/18 20:07:48.0295 4944 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
2011/04/18 20:07:48.0435 4944 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/04/18 20:07:48.0623 4944 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\drivers\usbhub.sys
2011/04/18 20:07:48.0779 4944 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/04/18 20:07:48.0966 4944 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/04/18 20:07:49.0106 4944 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/04/18 20:07:49.0247 4944 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/04/18 20:07:49.0418 4944 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
2011/04/18 20:07:49.0621 4944 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
2011/04/18 20:07:49.0793 4944 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/04/18 20:07:49.0917 4944 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/04/18 20:07:50.0058 4944 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
2011/04/18 20:07:50.0198 4944 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
2011/04/18 20:07:50.0339 4944 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/04/18 20:07:50.0479 4944 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
2011/04/18 20:07:50.0604 4944 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
2011/04/18 20:07:50.0760 4944 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/04/18 20:07:50.0900 4944 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
2011/04/18 20:07:51.0072 4944 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/04/18 20:07:51.0228 4944 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/04/18 20:07:51.0384 4944 vwififlt (22cb3059eaa839ac178baac9090106c8) C:\windows\system32\DRIVERS\vwififlt.sys
2011/04/18 20:07:51.0384 4944 Suspicious file (Forged): C:\windows\system32\DRIVERS\vwififlt.sys. Real md5: 22cb3059eaa839ac178baac9090106c8, Fake md5: 7090d3436eeb4e7da3373090a23448f7
2011/04/18 20:07:51.0399 4944 vwififlt - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/04/18 20:07:51.0540 4944 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/04/18 20:07:51.0727 4944 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/18 20:07:51.0743 4944 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/18 20:07:51.0930 4944 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/04/18 20:07:52.0086 4944 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/04/18 20:07:52.0289 4944 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/04/18 20:07:52.0445 4944 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/04/18 20:07:52.0710 4944 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
2011/04/18 20:07:52.0897 4944 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
2011/04/18 20:07:53.0115 4944 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/04/18 20:07:53.0396 4944 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
2011/04/18 20:07:53.0568 4944 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/04/18 20:07:53.0958 4944 ================================================================================
2011/04/18 20:07:53.0958 4944 Scan finished
2011/04/18 20:07:53.0958 4944 ================================================================================
2011/04/18 20:07:53.0973 3000 Detected object count: 1
2011/04/18 20:08:49.0494 3000 vwififlt (22cb3059eaa839ac178baac9090106c8) C:\windows\system32\DRIVERS\vwififlt.sys
2011/04/18 20:08:49.0494 3000 Suspicious file (Forged): C:\windows\system32\DRIVERS\vwififlt.sys. Real md5: 22cb3059eaa839ac178baac9090106c8, Fake md5: 7090d3436eeb4e7da3373090a23448f7
2011/04/18 20:08:49.0650 3000 Backup copy found, using it..
2011/04/18 20:08:49.0697 3000 C:\windows\system32\DRIVERS\vwififlt.sys - will be cured after reboot
2011/04/18 20:08:49.0697 3000 Rootkit.Win32.TDSS.tdl3(vwififlt) - User select action: Cure
2011/04/18 20:08:52.0520 2028 Deinitialize success

3. ComboFix Log
Please note: I did all the steps you gave me, but it still said Avira Antivirus/firewall was still running. The Avira RegCleaner removed some files, I rebooted, but it still said it was running...

ComboFix 11-04-15.03 - Toshiba 18/04/2011 20:41:17.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3037.2080 [GMT 10:00]
Running from: c:\users\Toshiba\Desktop\ComboFix.exe
Command switches used :: c:\users\Toshiba\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-16 09:05 . 2011-04-16 09:05 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com
2011-04-16 09:05 . 2011-04-16 09:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-16 09:04 . 2011-04-16 09:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-16 07:50 . 2011-04-16 07:50 -------- d-----w- c:\users\Toshiba\AppData\Local\Apps
2011-04-16 07:10 . 2011-04-16 07:10 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Malwarebytes
2011-04-16 07:10 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 07:10 . 2011-04-16 07:10 -------- d-----w- c:\programdata\Malwarebytes
2011-04-16 07:10 . 2011-04-16 07:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 07:10 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 03:56 . 2011-04-16 03:56 -------- d-----w- c:\users\Toshiba\AppData\Local\ESET
2011-04-16 03:54 . 2011-04-16 03:54 -------- d-----w- c:\program files\ESET
2011-04-16 01:20 . 2011-04-16 01:20 -------- d-----w- c:\windows\system32\SPReview
2011-04-16 01:18 . 2011-04-16 01:18 -------- d-----w- c:\windows\system32\EventProviders
2011-04-16 01:18 . 2011-04-16 01:20 -------- d-----w- C:\63eea4a7df5862e981c292cb
2011-04-16 01:11 . 2010-11-20 12:19 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-16 01:10 . 2010-11-20 12:21 233472 ----a-w- c:\windows\system32\taskbarcpl.dll
2011-04-16 01:09 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-16 01:09 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-16 01:09 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-16 01:09 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-04-16 01:09 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-16 01:08 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-04-16 01:08 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-16 01:07 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-16 01:07 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-16 00:37 . 2011-04-16 00:37 -------- d-----w- c:\users\Toshiba\AppData\Local\{36FECADB-55F1-4913-9C05-97E06D04DD0C}
2011-04-15 13:17 . 2011-04-15 13:18 -------- d-----w- c:\users\Toshiba\AppData\Local\ConduitEngine
2011-04-15 13:17 . 2011-04-15 13:18 -------- d-----w- c:\users\Toshiba\AppData\Local\ToggleEN
2011-04-15 12:37 . 2011-04-15 12:37 -------- d-----w- c:\users\Toshiba\AppData\Local\{B8C48358-4E13-4769-A405-CB3A3B9677D4}
2011-04-15 00:47 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 00:47 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 00:47 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 00:47 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 00:47 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 00:47 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 00:47 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 00:46 . 2011-03-03 03:42 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 00:46 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 00:46 . 2010-11-20 12:17 802304 ----a-w- c:\windows\system32\WFS.exe
2011-04-15 00:46 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 00:46 . 2011-03-08 05:28 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 00:46 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 00:46 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 00:46 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 00:46 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 00:46 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 00:46 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 00:40 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCBB3D6D-8FB2-4C03-AB60-1D9D2226EC02}\mpengine.dll
2011-04-15 00:36 . 2011-04-15 00:36 -------- d-----w- c:\users\Toshiba\AppData\Local\{ABB7B861-79F3-496E-8C99-6D84BB6352EB}
2011-04-14 09:30 . 2011-04-14 09:30 -------- d-----w- c:\users\Toshiba\AppData\Local\{F9E701CF-3127-4F6C-B024-B0B901EFDC3E}
2011-04-13 21:29 . 2011-04-13 21:30 -------- d-----w- c:\users\Toshiba\AppData\Local\{A309CC34-B38B-44A7-B88F-A4CB0862F8B0}
2011-04-13 00:55 . 2011-04-13 00:56 -------- d-----w- c:\users\Toshiba\AppData\Local\{932A0323-3E52-48EA-94FE-59D93E4254DD}
2011-04-12 12:16 . 2011-04-12 12:16 -------- d-----w- c:\users\Toshiba\AppData\Local\{3DE9C516-7ED0-4F8C-878C-5718E8ED0F02}
2011-04-12 00:18 . 2011-04-12 00:19 -------- d-----w- c:\program files\bfgclient
2011-04-12 00:16 . 2011-04-12 00:16 -------- d-----w- c:\users\Toshiba\AppData\Local\{1AB05C69-3E09-4243-8215-36E5E4A52472}
2011-04-11 07:26 . 1995-01-29 14:00 92208 ----a-w- c:\windows\system32\WING.DLL
2011-04-11 02:31 . 2011-04-11 02:32 -------- d-----w- c:\users\Toshiba\AppData\Local\{67CEFC8D-EC27-4E88-B179-7D88354BB6CF}
2011-04-11 02:25 . 2011-04-11 02:25 -------- d-----w- c:\windows\en
2011-04-11 02:23 . 2009-09-04 07:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-11 02:23 . 2009-09-04 07:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-11 02:23 . 2009-09-04 07:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-11 02:17 . 2011-04-11 02:17 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\ab9b4eb61cbf7ee0d\MeshBetaRemover.exe
2011-04-11 02:11 . 2011-04-12 00:18 -------- d-----w- c:\programdata\Big Fish Games
2011-04-11 02:10 . 2011-04-12 00:19 -------- d-----w- C:\BigFishGamesCache
2011-04-11 00:55 . 2011-04-11 00:55 -------- d-----w- c:\users\Toshiba\AppData\Local\{4A2ADBCA-97EE-4FDF-83C7-4EC093662A08}
2011-04-10 11:00 . 2011-04-10 11:00 -------- d-----w- c:\users\Toshiba\AppData\Local\{275B0EDC-09AF-4D14-91CC-354B32D0B857}
2011-04-09 22:59 . 2011-04-09 23:00 -------- d-----w- c:\users\Toshiba\AppData\Local\{3B2A8FF1-D5D0-4922-82D2-25197B41E197}
2011-04-09 18:44 . 2011-04-09 18:44 -------- d-----w- c:\users\Toshiba\AppData\Local\{E15B8016-B3BC-4666-84A7-E70656F522BD}
2011-04-09 06:42 . 2011-04-09 06:43 -------- d-----w- c:\users\Toshiba\AppData\Local\{170C386D-E6F3-4548-AFFB-90FDB0622129}
2011-04-09 06:37 . 2011-04-09 06:37 -------- d-----w- c:\users\Toshiba\AppData\Local\{64A13EA7-93A4-4DFF-B19C-8324770422A5}
2011-04-09 06:31 . 2011-04-09 06:31 -------- d-----w- c:\users\Toshiba\AppData\Local\{5019AE5F-F43C-45B3-AEEB-B052B4038428}
2011-04-08 10:43 . 2011-04-08 10:43 -------- d-----w- c:\users\Toshiba\AppData\Local\{8D0F83BD-32CA-4B5C-ACC4-76522FA1D4C8}
2011-04-06 06:48 . 2011-04-06 06:48 -------- d-----w- c:\users\Toshiba\AppData\Local\{3E8E4C44-A5CF-4029-A354-DE84D102E5C1}
2011-04-05 10:12 . 2011-04-05 10:12 -------- d-----w- c:\users\Toshiba\AppData\Local\{50D133E7-6427-43A2-A0DA-F22D0E86EB68}
2011-04-04 22:12 . 2011-04-04 22:12 -------- d-----w- c:\users\Toshiba\AppData\Local\{3ACD002D-9243-43F7-892A-ECC7F7755C8B}
2011-04-04 10:58 . 2011-04-04 10:58 5027 ----a-w- c:\users\Toshiba\AppData\Local\elahemofivu.dll
2011-04-04 06:47 . 2011-04-04 06:48 -------- d-----w- c:\users\Toshiba\AppData\Local\{8FBD8347-DDBB-4584-B076-D48FADA51B61}
2011-04-03 10:05 . 2011-04-03 10:05 -------- d-----w- c:\users\Toshiba\AppData\Local\{AF58581A-C43C-4FCF-8751-17FFA5F93DFC}
2011-04-02 00:58 . 2011-04-16 01:51 0 ----a-w- c:\users\Toshiba\AppData\Local\Idorap.bin
2011-04-01 23:09 . 2011-04-11 07:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Heritage Key VX Viewer
2011-04-01 22:13 . 2011-04-01 22:13 -------- d-----w- c:\program files\Hewlett-Packard
2011-03-28 09:28 . 2011-03-28 09:29 -------- d-----w- c:\programdata\EPSON
2011-03-26 00:23 . 2011-03-26 00:23 -------- d-----w- c:\users\Toshiba\FrostWire
2011-03-25 23:02 . 2011-03-25 23:02 -------- d-----w- c:\program files\Microsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 10:09 . 2009-07-13 23:52 48128 ----a-w- c:\windows\system32\drivers\vwififlt.sys
2011-04-16 01:27 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-15 13:18 . 2011-03-10 10:47 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-08 21:03 . 2010-06-24 00:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-22 08:12 . 2011-02-22 08:12 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-02-19 06:30 . 2011-03-09 07:28 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-09 07:28 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-09 07:28 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 05:36 . 2011-02-18 05:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 05:36 . 2011-02-18 05:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 05:54 . 2011-02-09 05:57 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 07:11 . 2010-03-19 06:24 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Toshiba\AppData\Local\{170C386D-E6F3-4548-AFFB-90FDB0622129} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{1AB05C69-3E09-4243-8215-36E5E4A52472} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{275B0EDC-09AF-4D14-91CC-354B32D0B857} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{3ACD002D-9243-43F7-892A-ECC7F7755C8B} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{3B2A8FF1-D5D0-4922-82D2-25197B41E197} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{3DE9C516-7ED0-4F8C-878C-5718E8ED0F02} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{3E8E4C44-A5CF-4029-A354-DE84D102E5C1} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{4A2ADBCA-97EE-4FDF-83C7-4EC093662A08} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{5019AE5F-F43C-45B3-AEEB-B052B4038428} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{50D133E7-6427-43A2-A0DA-F22D0E86EB68} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{64A13EA7-93A4-4DFF-B19C-8324770422A5} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{67CEFC8D-EC27-4E88-B179-7D88354BB6CF} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{8D0F83BD-32CA-4B5C-ACC4-76522FA1D4C8} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{8FBD8347-DDBB-4584-B076-D48FADA51B61} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{932A0323-3E52-48EA-94FE-59D93E4254DD} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{A309CC34-B38B-44A7-B88F-A4CB0862F8B0} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{ABB7B861-79F3-496E-8C99-6D84BB6352EB} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{AF58581A-C43C-4FCF-8751-17FFA5F93DFC} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{E15B8016-B3BC-4666-84A7-E70656F522BD} ----
.
.
---- Directory of c:\users\Toshiba\AppData\Local\{F9E701CF-3127-4F6C-B024-B0B901EFDC3E} ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ea0969b3-6e12-4ac0-b6c9-148e81247954}"= "c:\program files\Messenger_Plus_Live_Australia\tbMes1.dll" [2010-05-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 05:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
2010-05-15 07:26 2515552 ----a-w- c:\program files\Messenger_Plus_Live_Australia\tbMes1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{ea0969b3-6e12-4ac0-b6c9-148e81247954}"= "c:\program files\Messenger_Plus_Live_Australia\tbMes1.dll" [2010-05-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{EA0969B3-6E12-4AC0-B6C9-148E81247954}"= "c:\program files\Messenger_Plus_Live_Australia\tbMes1.dll" [2010-05-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-18 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 4240760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-04-16 2219184]
.
c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\DRIVERS\HPx9G2k.sys [2008-05-26 12658]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys [2009-08-27 95904]
R3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\Drivers\RTL2831UUSB.sys [2009-08-27 32800]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-22 717296]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-04-18 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 181616]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 07:35]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 07:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=google
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{038cb5c7-48ea-4af9-94e0-a1646542e62b} - (no file)
WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
SafeBoot-klmdb.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000001
"ProductCode"="{38D80A4C-D893-4985-BA3F-0B1D9E848CED}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.2.71.2"
"UniqueId"="000B77224DA9134F"
"ScannerBuild"=dword:00001dd3
"ScannerVersionId"=dword:000015fe
"ScannerVersion"="ready"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-18 20:51:57
ComboFix-quarantined-files.txt 2011-04-18 10:51
ComboFix2.txt 2011-04-17 01:43
.
Pre-Run: 18,322,817,024 bytes free
Post-Run: 18,024,542,208 bytes free
.
- - End Of File - - B28D633CD991BB5AE50802747420C8EE

4. Computer appears to be working normally, except for one little thing.
When it is connected to the internet, a 'Security alert' comes up saying
"You are about to view pages over a secure connection.
Any information you exchange with this site cannot be viewed by anyone else on the web.
[tickbox]In future do not show this warning"
If you press okay, it appears to do nothing.
(This did it before the virus as well, but the person tells me it happened quite some time before she realised she had a virus, so ??)

And NOD32 is not displaying its alert of finding "Win32/Olmarik Trojan"
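The TDSSKiller log above reports the same driver file with two different MD5 values ("Real md5" and "Fake md5") and then names it Rootkit.Win32.TDSS.tdl3. As an added example that is not part of this thread or of TDSSKiller itself, the Python below pulls such forged-file findings out of TDSSKiller log lines so they can be picked out of a long driver enumeration; the sample lines are copied from the log posted above, and the regular expressions are an assumption about the log format inferred from those lines, not from any TDSSKiller documentation.

```python
"""Extract forged-driver findings from Kaspersky TDSSKiller log lines.

Added example: the line formats matched here are inferred from the log
posted in this thread, not taken from TDSSKiller documentation.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every TDSSKiller line starts with a timestamp and a thread id.
_PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
# "vwififlt (22cb...) C:\windows\system32\DRIVERS\vwififlt.sys"
RE_DRIVER = re.compile(_PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
# "Suspicious file (Forged): <path>. Real md5: <hash>, Fake md5: <hash>"
RE_FORGED = re.compile(_PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
# "vwififlt - detected Rootkit.Win32.TDSS.tdl3 (0)"
RE_DETECT = re.compile(_PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
# "Rootkit.Win32.TDSS.tdl3(vwififlt) - User select action: Cure"
RE_ACTION = re.compile(_PREFIX + r"(?P<verdict>[^\s(]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\S+)$")


@dataclass
class Finding:
    name: str                         # service/driver name as listed by TDSSKiller
    path: str
    listed_md5: Optional[str] = None  # hash shown in the plain enumeration line
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None
    verdict: Optional[str] = None     # e.g. Rootkit.Win32.TDSS.tdl3
    action: Optional[str] = None      # e.g. Cure

    @property
    def hashes_disagree(self) -> bool:
        """Two different hashes reported for one file: the content the tool
        sees through one read path differs from the content seen through
        another, which is how TDSSKiller flags a forged (TDL3-patched) driver."""
        return bool(self.real_md5 and self.fake_md5 and self.real_md5 != self.fake_md5)


def parse_tdsskiller(lines) -> List[Finding]:
    """Return only the drivers that were flagged (forged hashes or a named verdict)."""
    by_name: Dict[str, Finding] = {}
    by_path: Dict[str, Finding] = {}
    for raw in lines:
        line = raw.rstrip("\r\n")
        if m := RE_DRIVER.match(line):
            f = by_name.setdefault(m["name"], Finding(m["name"], m["path"]))
            f.listed_md5 = m["md5"]
            by_path[m["path"].lower()] = f
        elif m := RE_FORGED.match(line):
            # A forged line may appear without a preceding enumeration line.
            f = by_path.setdefault(m["path"].lower(), Finding("?", m["path"]))
            f.real_md5, f.fake_md5 = m["real"], m["fake"]
        elif (m := RE_DETECT.match(line)) and m["name"] in by_name:
            by_name[m["name"]].verdict = m["verdict"]
        elif (m := RE_ACTION.match(line)) and m["name"] in by_name:
            by_name[m["name"]].action = m["action"]
    seen, out = set(), []
    for f in list(by_name.values()) + list(by_path.values()):
        if id(f) in seen:
            continue
        seen.add(id(f))
        if f.verdict or f.hashes_disagree:
            out.append(f)
    return out


# Sample lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = [
    r"2011/04/18 20:07:51.0228 4944 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys",
    r"2011/04/18 20:07:51.0384 4944 vwififlt (22cb3059eaa839ac178baac9090106c8) C:\windows\system32\DRIVERS\vwififlt.sys",
    r"2011/04/18 20:07:51.0384 4944 Suspicious file (Forged): C:\windows\system32\DRIVERS\vwififlt.sys. Real md5: 22cb3059eaa839ac178baac9090106c8, Fake md5: 7090d3436eeb4e7da3373090a23448f7",
    r"2011/04/18 20:07:51.0399 4944 vwififlt - detected Rootkit.Win32.TDSS.tdl3 (0)",
    r"2011/04/18 20:07:53.0958 4944 Scan finished",
    r"2011/04/18 20:07:53.0973 3000 Detected object count: 1",
    r"2011/04/18 20:08:49.0697 3000 Rootkit.Win32.TDSS.tdl3(vwififlt) - User select action: Cure",
]

if __name__ == "__main__":
    for f in parse_tdsskiller(SAMPLE_LOG):
        print(f"{f.name}: {f.path} verdict={f.verdict} action={f.action} "
              f"forged={f.hashes_disagree} real={f.real_md5} fake={f.fake_md5}")
```

The clean vwifibus entry is dropped because it has neither a verdict nor disagreeing hashes; only vwififlt survives, carrying both MD5 values, the verdict and the chosen action.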


#7 CraigWI

CraigWI
  • Topic Starter

  • Members
  • 9 posts
  • Local time:02:11 AM

Posted 18 April 2011 - 07:03 AM

Also, I just found the LimeWire toolbar installed (referred to ask.com in the description). I did not see this when uninstalling the other programs, and I've uninstalled it.
Sorry, did you want me to redo the couple of steps to give you 100% accurate logs?

#8 heir

heir

  • Malware Response Team
  • 763 posts
  • Gender:Male
  • Local time:06:11 PM

Posted 18 April 2011 - 07:18 AM

:thumbsup:
We are making progress.

Sorry, did you want me to redo the couple of steps to give you 100% accurate logs?

No new logs needed for that. Thanks for the info though.

Please do step 6 in this guide to disable your CD-emulation software.




Step 1.
Removing leftovers of Avira:

AppRemover is an alternative for removing leftovers of security software.
Here is a table of which software on which OS has been verified to be removed.
Instructions on how to use

As your system is Windows 7 32-bit, it may be able to remove Avira completely from your system.

Give it a try.

Step 2.
CFScript:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\users\Toshiba\AppData\Local\elahemofivu.dll
c:\users\Toshiba\AppData\Local\Idorap.bin

Folder::
c:\users\Toshiba\AppData\Local\{36FECADB-55F1-4913-9C05-97E06D04DD0C}
c:\users\Toshiba\AppData\Local\{B8C48358-4E13-4769-A405-CB3A3B9677D4}
c:\users\Toshiba\AppData\Local\{ABB7B861-79F3-496E-8C99-6D84BB6352EB}
c:\users\Toshiba\AppData\Local\{F9E701CF-3127-4F6C-B024-B0B901EFDC3E}
c:\users\Toshiba\AppData\Local\{A309CC34-B38B-44A7-B88F-A4CB0862F8B0}
c:\users\Toshiba\AppData\Local\{932A0323-3E52-48EA-94FE-59D93E4254DD}
c:\users\Toshiba\AppData\Local\{3DE9C516-7ED0-4F8C-878C-5718E8ED0F02}
c:\users\Toshiba\AppData\Local\{1AB05C69-3E09-4243-8215-36E5E4A52472}
c:\users\Toshiba\AppData\Local\{67CEFC8D-EC27-4E88-B179-7D88354BB6CF}
c:\users\Toshiba\AppData\Local\{4A2ADBCA-97EE-4FDF-83C7-4EC093662A08}
c:\users\Toshiba\AppData\Local\{275B0EDC-09AF-4D14-91CC-354B32D0B857}
c:\users\Toshiba\AppData\Local\{3B2A8FF1-D5D0-4922-82D2-25197B41E197}
c:\users\Toshiba\AppData\Local\{E15B8016-B3BC-4666-84A7-E70656F522BD}
c:\users\Toshiba\AppData\Local\{170C386D-E6F3-4548-AFFB-90FDB0622129}
c:\users\Toshiba\AppData\Local\{64A13EA7-93A4-4DFF-B19C-8324770422A5}
c:\users\Toshiba\AppData\Local\{5019AE5F-F43C-45B3-AEEB-B052B4038428}
c:\users\Toshiba\AppData\Local\{8D0F83BD-32CA-4B5C-ACC4-76522FA1D4C8}
c:\users\Toshiba\AppData\Local\{3E8E4C44-A5CF-4029-A354-DE84D102E5C1}
c:\users\Toshiba\AppData\Local\{50D133E7-6427-43A2-A0DA-F22D0E86EB68}
c:\users\Toshiba\AppData\Local\{3ACD002D-9243-43F7-892A-ECC7F7755C8B}
c:\users\Toshiba\AppData\Local\{8FBD8347-DDBB-4584-B076-D48FADA51B61}
c:\users\Toshiba\AppData\Local\{AF58581A-C43C-4FCF-8751-17FFA5F93DFC}
c:\users\Toshiba\FrostWire

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 3.
Security check:

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 4.
MBAM:

Please download Malwarebytes' Anti-Malware from Here

  • Launch Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 5.
OTL-scan:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, tick the box beside Scan All Users at the top.
  • Underneath Output at the top set it to Standard Output.
  • Underneath the option Extra Registry set it to Use SafeList.
  • Underneath the option File Scans tick the boxes beside Use Company Name WhiteList, Skip Microsoft Files, LOP Check, Purity Check.
  • Click the Run Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 6.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 2.
  • The content of checkup.txt from step 3.
  • The content of the log from MBAM in step 4.
  • The content of OTL.txt and Extras.txt from step 5.

Edited by heir, 18 April 2011 - 07:30 AM.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#9 CraigWI

  • Topic Starter
  • Members
  • 9 posts

Posted 18 April 2011 - 08:55 AM

I thought I already did disable the CD-emulation software :S
The AppRemover didn't show any results for Avira :S

1. Combofix Log
ComboFix 11-04-17.03 - Toshiba 18/04/2011 23:18:21.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3037.1905 [GMT 10:00]
Running from: c:\users\Toshiba\Desktop\ComboFix.exe
Command switches used :: c:\users\Toshiba\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
FILE ::
"c:\users\Toshiba\AppData\Local\elahemofivu.dll"
"c:\users\Toshiba\AppData\Local\Idorap.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Toshiba\AppData\Local\{170C386D-E6F3-4548-AFFB-90FDB0622129}
c:\users\Toshiba\AppData\Local\{1AB05C69-3E09-4243-8215-36E5E4A52472}
c:\users\Toshiba\AppData\Local\{275B0EDC-09AF-4D14-91CC-354B32D0B857}
c:\users\Toshiba\AppData\Local\{36FECADB-55F1-4913-9C05-97E06D04DD0C}
c:\users\Toshiba\AppData\Local\{3ACD002D-9243-43F7-892A-ECC7F7755C8B}
c:\users\Toshiba\AppData\Local\{3B2A8FF1-D5D0-4922-82D2-25197B41E197}
c:\users\Toshiba\AppData\Local\{3DE9C516-7ED0-4F8C-878C-5718E8ED0F02}
c:\users\Toshiba\AppData\Local\{3E8E4C44-A5CF-4029-A354-DE84D102E5C1}
c:\users\Toshiba\AppData\Local\{4A2ADBCA-97EE-4FDF-83C7-4EC093662A08}
c:\users\Toshiba\AppData\Local\{5019AE5F-F43C-45B3-AEEB-B052B4038428}
c:\users\Toshiba\AppData\Local\{50D133E7-6427-43A2-A0DA-F22D0E86EB68}
c:\users\Toshiba\AppData\Local\{64A13EA7-93A4-4DFF-B19C-8324770422A5}
c:\users\Toshiba\AppData\Local\{67CEFC8D-EC27-4E88-B179-7D88354BB6CF}
c:\users\Toshiba\AppData\Local\{8D0F83BD-32CA-4B5C-ACC4-76522FA1D4C8}
c:\users\Toshiba\AppData\Local\{8FBD8347-DDBB-4584-B076-D48FADA51B61}
c:\users\Toshiba\AppData\Local\{932A0323-3E52-48EA-94FE-59D93E4254DD}
c:\users\Toshiba\AppData\Local\{A309CC34-B38B-44A7-B88F-A4CB0862F8B0}
c:\users\Toshiba\AppData\Local\{ABB7B861-79F3-496E-8C99-6D84BB6352EB}
c:\users\Toshiba\AppData\Local\{AF58581A-C43C-4FCF-8751-17FFA5F93DFC}
c:\users\Toshiba\AppData\Local\{B8C48358-4E13-4769-A405-CB3A3B9677D4}
c:\users\Toshiba\AppData\Local\{E15B8016-B3BC-4666-84A7-E70656F522BD}
c:\users\Toshiba\AppData\Local\{F9E701CF-3127-4F6C-B024-B0B901EFDC3E}
c:\users\Toshiba\AppData\Local\elahemofivu.dll
c:\users\Toshiba\AppData\Local\Idorap.bin
c:\users\Toshiba\FrostWire
c:\users\Toshiba\FrostWire\Saved\[ www.Torrentday.com ] - Charlie.St.Cloud[2010]DvDrip.AC3-aXXo.torrent
c:\users\Toshiba\FrostWire\Saved\Alanis_Morissette_-_Hand_In_My_Pocket_(Acoustic)_(2nafish).mpg.torrent
c:\users\Toshiba\FrostWire\Saved\Awaken.torrent
c:\users\Toshiba\FrostWire\Saved\Bliss n Eso - Bullet and a Target - single.torrent
c:\users\Toshiba\FrostWire\Saved\Bliss n Eso - Discography.torrent
c:\users\Toshiba\FrostWire\Saved\Bliss N Eso - Down By The River.mp3.torrent
c:\users\Toshiba\FrostWire\Saved\Bliss n Eso - Flowers in the Pavement.torrent
c:\users\Toshiba\FrostWire\Saved\Bliss N Eso - Flying Colours.torrent
c:\users\Toshiba\FrostWire\Saved\Bliss n Eso - Golden Year's.torrent
c:\users\Toshiba\FrostWire\Saved\Bliss n Eso - Running on Air (2010).torrent
c:\users\Toshiba\FrostWire\Saved\Bliss N Eso - Running On Air.torrent
c:\users\Toshiba\FrostWire\Saved\Bliss n Eso - The Mix Tape.torrent
c:\users\Toshiba\FrostWire\Saved\Bliss N Eso Flying Colours Live.torrent
c:\users\Toshiba\FrostWire\Saved\Bliss N Eso.torrent
c:\users\Toshiba\FrostWire\Saved\Bliss_N_Eso-Live_At_The_Wireless.mp3.torrent
c:\users\Toshiba\FrostWire\Saved\Britt Nicole - Say It.torrent
c:\users\Toshiba\FrostWire\Saved\Britt Nicole - The Lost Get Found (2009).torrent
c:\users\Toshiba\FrostWire\Saved\Britt Nicole - The Lost Get Found (2009)0F3E.torrent
c:\users\Toshiba\FrostWire\Saved\Britt_Nicole_-_Believe_(Xvid-2nafish).avi.torrent
c:\users\Toshiba\FrostWire\Saved\Chain Reaction.torrent
c:\users\Toshiba\FrostWire\Saved\Chantal Kreviazuk - Discography 1996 - 2009 [FLAC] [h33t] - Kitlope.torrent
c:\users\Toshiba\FrostWire\Saved\Charlie St. Cloud[2010]DVDRip-MXMG.torrent
c:\users\Toshiba\FrostWire\Saved\Charlie.St.Cloud.2010.720p.BluRay.x264.DTS-WiKi.torrent
c:\users\Toshiba\FrostWire\Saved\Christina Aguilera - Candyman.mp3.torrent
c:\users\Toshiba\FrostWire\Saved\Come Around.torrent
c:\users\Toshiba\FrostWire\Saved\Cut Copy Discography.torrent
c:\users\Toshiba\FrostWire\Saved\Cute Is What We Aim For.torrent
c:\users\Toshiba\FrostWire\Saved\Dirt.torrent
c:\users\Toshiba\FrostWire\Saved\E.T. - Katy Perry.mp3.torrent
c:\users\Toshiba\FrostWire\Saved\Eurotrip -Soundtrack.torrent
c:\users\Toshiba\FrostWire\Saved\FleetWood Mac Greatest Hits.torrent
c:\users\Toshiba\FrostWire\Saved\Footloose [Original Soundtrack] (1984).torrent
c:\users\Toshiba\FrostWire\Saved\Forever the Sickest Kids.torrent
c:\users\Toshiba\FrostWire\Saved\Four.Eyed.Monsters.HQ.x264-VODO.torrent
c:\users\Toshiba\FrostWire\Saved\frostwire-4.21.3.windows.exe.torrent
c:\users\Toshiba\FrostWire\Saved\FTSK DISCOGRAPHY.torrent
c:\users\Toshiba\FrostWire\Saved\Glee - The Music, Volume 4 [2010-MP3-Cov][MJN].torrent
c:\users\Toshiba\FrostWire\Saved\Glee Season 1 Complete -AVI.torrent
c:\users\Toshiba\FrostWire\Saved\Gossip.Girl.S04E01.HDTV.XviD-LOL.[VTV].avi.torrent
c:\users\Toshiba\FrostWire\Saved\Gossip.Girl.S04E03.HDTV.XviD-P0W4.[VTV].avi.torrent
c:\users\Toshiba\FrostWire\Saved\Gossip.Girl.S04E04.HDTV.XviD-2HD.[VTV].avi.torrent
c:\users\Toshiba\FrostWire\Saved\Gossip.Girl.S04E05.HDTV.XviD-LOL.[VTV].avi.torrent
c:\users\Toshiba\FrostWire\Saved\Gossip.Girl.S04E06.Easy.J.HDTV.XviD-2HD.[VTV].avi.torrent
c:\users\Toshiba\FrostWire\Saved\Gossip.Girl.S04E07.War.at.the.Roses.HDTV.XviD-FQM.[VTV].avi.torrent
c:\users\Toshiba\FrostWire\Saved\Gossip.Girl.S04E08.HDTV.XviD-2HD.[VTV].avi.torrent
c:\users\Toshiba\FrostWire\Saved\Gossip.Girl.S04E09.The.Witches.of.Bushwick.HDTV.XviD-FQM.[VTV].avi.torrent
c:\users\Toshiba\FrostWire\Saved\Gossip.Girl.S04E10.HDTV.XviD-P0W4.[VTV].avi.torrent
c:\users\Toshiba\FrostWire\Saved\Gossip.Girl.S04E11.HDTV.XviD-2HD.[VTV].avi.torrent
c:\users\Toshiba\FrostWire\Saved\Gossip.Girl.S04E12.HDTV.XviD-2HD.[VTV].avi.torrent
c:\users\Toshiba\FrostWire\Saved\Harry Potter and the Deathly Hallows Part 1 2010 TS Rip XviD - {RedDragon}.torrent
c:\users\Toshiba\FrostWire\Saved\Harry Potter And The Deathly Hallows Part 1.2010.PPVRIP.XviD-Bellíc.torrent
c:\users\Toshiba\FrostWire\Saved\How.I.Met.Your.Mother.S03E20.HDTV.XviD-LOL.torrent
c:\users\Toshiba\FrostWire\Saved\Howls.Moving.Castle.2004.HDRip.XviD.AC3-ViSiON.[UsaBit.com].torrent
c:\users\Toshiba\FrostWire\Saved\Howls.Moving.Castle.2005.DVD.RIP.XviD.ENGLISH.DUB.avi.torrent
c:\users\Toshiba\FrostWire\Saved\HP-7-WBZ.avi.torrent
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\01 - She's No You.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\02 - Beautiful Soul.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\03 - Get Your Shine On.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\04 - Take Your Sweet Time.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\05 - Without U.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\06 - Why Don't You Kiss Her.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\07 - That Was Then.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\08 - Come to Me.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\09 - What's Your Name.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\10 - Because You Live.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\11 - Why Is Love So Hard to Find.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\12 - The Stupid Things.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\13 - Good Life (Bonus Track).mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\Cover 1.jpg
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\Cover 2.jpg
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\Jesse McCartney - Beautiful Soul.m3u
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2004 - Beautiful Soul\Jesse McCartney - Beautiful Soul.sfv
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\01 - Right Where You Want Me.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\02 - Just So You Know.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\03 - Blow Your Mind.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\04 - Right Back In The Water.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\05 - Anybody.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\06 - Tell Her.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\07 - Just Go.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\08 - Can't Let You Go.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\09 - We Can Go Anywhere.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\10 - Feelin' You.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\11 - Invincible.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\12 - Daddy's Little Girl.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\Cover.jpg
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\Jesse McCartney - Right Where You Want Me.m3u
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2006 - Right Where You Want Me\Jesse McCartney - Right Where You Want Me.sfv
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\01 - Leavin'.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\02 - It's Over.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\03 - Rock You (Feat. Sean Garrett).mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\04 - How Do You Sleep.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\05 - Into Ya.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\06 - Makeup.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\07 - My Baby.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\08 - Told You So.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\09 - Relapse.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\10 - Runnin'.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\11 - Freaky.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\12 - Not Your Enemy.mp3
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\Cover 1.jpg
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\Cover 2.jpg
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\Jesse McCartney - Departure.m3u
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\2008 - Departure\Jesse McCartney - Departure.sfv
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\E-King.nfo
c:\users\Toshiba\FrostWire\Saved\Jesse McCartney - Discography\Jesse McCartney.jpg
c:\users\Toshiba\FrostWire\Saved\Jessica Mauboy - Get 'Em Girls (feat. Snoop Dogg) [2010-Single][MJN].torrent
c:\users\Toshiba\FrostWire\Saved\John Farnham - Whispering Jack [20th Anniversary][Cov+CD][Bubanee].torrent
c:\users\Toshiba\FrostWire\Saved\Lilly Allen - Allright Still.torrent
c:\users\Toshiba\FrostWire\Saved\Love Revolution.torrent
c:\users\Toshiba\FrostWire\Saved\Lupe Fiasco - The Show Goes On\folder.jpg
c:\users\Toshiba\FrostWire\Saved\Lupe Fiasco - The Show Goes On\Lupe Fiasco - The Show Goes On.mp3
c:\users\Toshiba\FrostWire\Saved\Midnight Remember.torrent
c:\users\Toshiba\FrostWire\Saved\Miley Cyrus & John Travolta - I Thought I Lost You.torrent
c:\users\Toshiba\FrostWire\Saved\Natalie_Grant-Held(dvd-2nafish).mpg.torrent
c:\users\Toshiba\FrostWire\Saved\Nelly - Just A Dream.torrent
c:\users\Toshiba\FrostWire\Saved\Real Hip-Hop iz Ova Here!.torrent
c:\users\Toshiba\FrostWire\Saved\Relentless (With Bonus Track).torrent
c:\users\Toshiba\FrostWire\Saved\Savage Garden - Greatest Hits (2004) vtwin88cube.torrent
c:\users\Toshiba\FrostWire\Saved\Shanghai Noon (Jackie Chan) (DivX).torrent
c:\users\Toshiba\FrostWire\Saved\Sick of Sarah - 2205 BitTorrent Edition.torrent
c:\users\Toshiba\FrostWire\Saved\Sister Act I.avi.torrent
c:\users\Toshiba\FrostWire\Saved\Sister.Act.1992.Swesub.DVDrip.Royskatt.torrent
c:\users\Toshiba\FrostWire\Saved\Songs I Wish I Wrote.torrent
c:\users\Toshiba\FrostWire\Saved\Speaking Of Silence.torrent
c:\users\Toshiba\FrostWire\Saved\Stephen Jerzak.torrent
c:\users\Toshiba\FrostWire\Saved\Stronger.torrent
c:\users\Toshiba\FrostWire\Saved\Sugarland - Stuck Like Glue MP3.torrent
c:\users\Toshiba\FrostWire\Saved\Swear_and_Shake__Extended_Play__FrostClick.com_FrostWire.com__MP3_VBR_128k__2011_27_01.torrent
c:\users\Toshiba\FrostWire\Saved\Tatu - All about us (Uncensored).mp4.torrent
c:\users\Toshiba\FrostWire\Saved\Tatu - Dangerous And Moving.torrent
c:\users\Toshiba\FrostWire\Saved\Tatu - Happy Smiles - 2008.(www.lokotorrents.com).torrent
c:\users\Toshiba\FrostWire\Saved\Tatu - Not Gonna Get Us (Ultimix).mp3.torrent
c:\users\Toshiba\FrostWire\Saved\Tatu - The Best.torrent
c:\users\Toshiba\FrostWire\Saved\Tenth Avenue North - The Lights Meet The Dark [MP3 320Kbps].torrent
c:\users\Toshiba\FrostWire\Saved\Tenth Avenue North.torrent
c:\users\Toshiba\FrostWire\Saved\The Academy Is.._.torrent
c:\users\Toshiba\FrostWire\Saved\The Audition - Controversy Loves Company.torrent
c:\users\Toshiba\FrostWire\Saved\The Audition - Great Danger.torrent
c:\users\Toshiba\FrostWire\Saved\The Audition - Self Titled Album.torrent
c:\users\Toshiba\FrostWire\Saved\The Boat That Rocked OST.torrent
c:\users\Toshiba\FrostWire\Saved\The Cab.torrent
c:\users\Toshiba\FrostWire\Saved\The Summer Set.torrent
c:\users\Toshiba\FrostWire\Saved\The.Hurt.Locker.2008.720p.BluRay.DTS.x264-CtrlHD.torrent
c:\users\Toshiba\FrostWire\Saved\The_Audition_-_My_Temperature's_Rising_(Xvid-2nafish).avi.torrent
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\00__Time_Crisis__Intro_FrostWire.com.mp3
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\01__Time Crisis__Reach__Time_Crisis__FrostWire.com.mp3
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\02__Time Crisis__Heaven__Time_Crisis__FrostWire.com.mp3
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\03__Time Crisis__Pen_to_Paper__Time_Crisis__FrostWire.com.mp3
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\04__Time Crisis__Bricks__Time_Crisis__FrostWire.com.mp3
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\05__Time Crisis__Jazzercise__Time_Crisis__FrostWire.com.mp3
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\06__Time Crisis__Off_the_Ground__Time_Crisis__FrostWire.com.mp3
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\07__Time Crisis__Blue_Lips__Time_Crisis__FrostWire.com.mp3
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\08__Time Crisis__Running_From_Giants__Time_Crisis__FrostWire.com.mp3
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\09__Time Crisis__Turbulence__Time_Crisis__FrostWire.com.mp3
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\10__Time Crisis__Resolve__Time_Crisis__FrostWire.com.mp3
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\Time_Crisis__Album_Artwork.jpg
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\Time_Crisis__License.txt
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\Time_Crisis__Press_Photo.jpg
c:\users\Toshiba\FrostWire\Saved\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02\Time_Crisis__Press_Release.pdf
c:\users\Toshiba\FrostWire\Saved\TTC - The Evidence for Evolution [Audition].torrent
c:\users\Toshiba\FrostWire\Saved\Ultimate Dirty Dancing (Soundtrack, 1987).torrent
c:\users\Toshiba\FrostWire\Saved\värsting till syster.torrent
c:\users\Toshiba\FrostWire\Saved\You Me At Six.torrent
c:\users\Toshiba\FrostWire\Saved\yourlove.mp3.torrent
c:\users\Toshiba\FrostWire\Torrents\Jesse_McCartney_-_Discography_2004-2008.4449597.TPB[1].torrent
c:\users\Toshiba\FrostWire\Torrents\Lupe_Fiasco_-_The_Show_Goes_On_[2010-Single][SW].5973403.TPB[1].torrent
c:\users\Toshiba\FrostWire\Torrents\Time_Crisis__Time_Crisis__FrostClick.com_FrostWire.com__MP3_VBR_184k_2010_11_02.torrent
.
.
((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-18 13:27 . 2011-04-18 13:27 -------- d-----w- c:\users\Toshiba\AppData\Local\temp
2011-04-18 13:27 . 2011-04-18 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-18 00:53 . 2011-04-18 00:53 -------- d-----w- c:\users\Toshiba\AppData\Local\{4F10E9A1-83A0-4F94-90F5-7B60A8350C33}
2011-04-17 00:37 . 2011-04-17 00:38 -------- d-----w- c:\users\Toshiba\AppData\Local\{D0303F00-79C5-4D7D-98DA-4B71F40A5497}
2011-04-17 00:11 . 2011-04-17 00:11 -------- d-----w- c:\users\Toshiba\AppData\Local\{214B1FBB-3A8C-4BAB-95D3-A43550CCDBAC}
2011-04-16 12:40 . 2011-04-16 12:40 -------- d-----w- c:\users\Toshiba\AppData\Local\{38B8862C-4CB7-4F13-84CA-363E6212BC39}
2011-04-16 12:21 . 2011-04-16 12:21 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-16 12:20 . 2011-04-16 12:20 -------- d-----w- c:\users\Toshiba\AppData\Local\Sunbelt Software
2011-04-16 12:19 . 2011-04-17 00:28 -------- d-----w- c:\programdata\Lavasoft
2011-04-16 09:05 . 2011-04-16 09:05 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com
2011-04-16 09:05 . 2011-04-16 09:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-16 09:04 . 2011-04-16 09:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-16 07:50 . 2011-04-16 07:50 -------- d-----w- c:\users\Toshiba\AppData\Local\Apps
2011-04-16 07:10 . 2011-04-16 07:10 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Malwarebytes
2011-04-16 07:10 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 07:10 . 2011-04-16 07:10 -------- d-----w- c:\programdata\Malwarebytes
2011-04-16 07:10 . 2011-04-16 07:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 07:10 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 03:56 . 2011-04-16 03:56 -------- d-----w- c:\users\Toshiba\AppData\Local\ESET
2011-04-16 03:54 . 2011-04-16 03:54 -------- d-----w- c:\program files\ESET
2011-04-16 01:20 . 2011-04-16 01:20 -------- d-----w- c:\windows\system32\SPReview
2011-04-16 01:18 . 2011-04-16 01:18 -------- d-----w- c:\windows\system32\EventProviders
2011-04-16 01:18 . 2011-04-16 01:20 -------- d-----w- C:\63eea4a7df5862e981c292cb
2011-04-16 01:11 . 2010-11-20 12:19 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-16 01:10 . 2010-11-20 12:21 233472 ----a-w- c:\windows\system32\taskbarcpl.dll
2011-04-16 01:09 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-16 01:09 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-16 01:09 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-16 01:09 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-04-16 01:09 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-16 01:08 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-04-16 01:08 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-16 01:07 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-16 01:07 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-15 13:17 . 2011-04-15 13:18 -------- d-----w- c:\users\Toshiba\AppData\Local\ConduitEngine
2011-04-15 13:17 . 2011-04-15 13:18 -------- d-----w- c:\users\Toshiba\AppData\Local\ToggleEN
2011-04-15 00:47 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 00:47 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 00:47 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 00:47 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 00:47 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 00:47 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 00:47 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 00:46 . 2011-03-03 03:42 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 00:46 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 00:46 . 2010-11-20 12:17 802304 ----a-w- c:\windows\system32\WFS.exe
2011-04-15 00:46 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 00:46 . 2011-03-08 05:28 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 00:46 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 00:46 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 00:46 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 00:46 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 00:46 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 00:46 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 00:40 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCBB3D6D-8FB2-4C03-AB60-1D9D2226EC02}\mpengine.dll
2011-04-12 00:18 . 2011-04-12 00:19 -------- d-----w- c:\program files\bfgclient
2011-04-11 07:26 . 1995-01-29 14:00 92208 ----a-w- c:\windows\system32\WING.DLL
2011-04-11 02:25 . 2011-04-11 02:25 -------- d-----w- c:\windows\en
2011-04-11 02:23 . 2009-09-04 07:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-11 02:23 . 2009-09-04 07:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-11 02:23 . 2009-09-04 07:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-11 02:17 . 2011-04-11 02:17 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\ab9b4eb61cbf7ee0d\MeshBetaRemover.exe
2011-04-11 02:11 . 2011-04-12 00:18 -------- d-----w- c:\programdata\Big Fish Games
2011-04-11 02:10 . 2011-04-12 00:19 -------- d-----w- C:\BigFishGamesCache
2011-04-01 23:09 . 2011-04-11 07:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Heritage Key VX Viewer
2011-04-01 22:13 . 2011-04-01 22:13 -------- d-----w- c:\program files\Hewlett-Packard
2011-03-28 09:28 . 2011-03-28 09:29 -------- d-----w- c:\programdata\EPSON
2011-03-25 23:02 . 2011-03-25 23:02 -------- d-----w- c:\program files\Microsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 10:09 . 2009-07-13 23:52 48128 ----a-w- c:\windows\system32\drivers\vwififlt.sys
2011-04-16 01:27 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-15 13:18 . 2011-03-10 10:47 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-08 21:03 . 2010-06-24 00:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-22 08:12 . 2011-02-22 08:12 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-02-19 06:30 . 2011-03-09 07:28 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-09 07:28 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-09 07:28 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 05:36 . 2011-02-18 05:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 05:36 . 2011-02-18 05:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 05:54 . 2011-02-09 05:57 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 07:11 . 2010-03-19 06:24 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 05:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-18 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 4240760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-04-16 2219184]
.
c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\DRIVERS\HPx9G2k.sys [2008-05-26 12658]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys [2009-08-27 95904]
R3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\Drivers\RTL2831UUSB.sys [2009-08-27 32800]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-22 717296]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-04-18 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 181616]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 07:35]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 07:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=google
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{ea0969b3-6e12-4ac0-b6c9-148e81247954} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000001
"ProductCode"="{38D80A4C-D893-4985-BA3F-0B1D9E848CED}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.2.71.2"
"UniqueId"="000B77224DA9134F"
"ScannerBuild"=dword:00001dd3
"ScannerVersionId"=dword:000015fe
"ScannerVersion"="ready"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-18 23:29:23
ComboFix-quarantined-files.txt 2011-04-18 13:29
ComboFix2.txt 2011-04-17 01:43
.
Pre-Run: 17,798,815,744 bytes free
Post-Run: 17,616,134,144 bytes free
.
- - End Of File - - 10E1EDFB96EE7D4F21403AA4BD897D36


2. Checkup Log
Results of screen317's Security Check version 0.99.10
Windows 7 Service Pack 1 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Smart Security
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

3. MBAM Log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6389

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

18/04/2011 11:39:39 PM
mbam-log-2011-04-18 (23-39-39).txt

Scan type: Quick scan
Objects scanned: 162977
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

4.1 OTL Log
OTL logfile created on: 4/18/2011 11:42:05 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Toshiba\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.32 Gb Total Space | 16.48 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
Drive F: | 963.70 Mb Total Space | 153.50 Mb Free Space | 15.93% Space Free | Partition Type: FAT

Computer Name: TOSHIBA-PC | User Name: Toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/18 10:53:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 04:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/18 04:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/11 04:57:12 | 000,181,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/06 08:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/04 12:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/04 12:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/30 17:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 17:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/29 14:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/29 09:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/18 13:52:38 | 000,181,616 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/07/14 09:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/08 03:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
PRC - [2009/03/28 12:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/14 15:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/04/18 10:53:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
MOD - [2010/11/20 21:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/03/28 21:56:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 04:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/11 04:57:12 | 000,181,616 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/07 11:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/08/06 08:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/04 12:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 17:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/29 09:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/18 13:52:38 | 000,181,616 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/08 03:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/03/28 12:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/02/22 18:12:45 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010/12/21 13:47:38 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2010/12/21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/28 16:19:22 | 000,859,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/08/28 02:40:36 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2831UUSB.sys -- (RTL2831UUSB)
DRV - [2009/08/28 02:40:34 | 000,095,904 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2831UBDA.sys -- (RTL2831UBDA)
DRV - [2009/07/31 11:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/31 11:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/31 06:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/25 09:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/22 08:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/15 09:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 09:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/03 08:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009/06/23 11:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 13:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/05/21 12:04:40 | 000,157,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/05/27 05:23:00 | 000,012,658 | ---- | M] (KINPOSH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HPx9G2k.sys -- (HPx9G+)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=google


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3859555962-3989031959-2705872258-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-3859555962-3989031959-2705872258-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3859555962-3989031959-2705872258-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/04/16 13:54:54 | 000,000,000 | ---D | M]

[2010/04/12 18:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Extensions
[2010/03/20 06:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/12 18:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\extensions
[2010/04/12 18:19:29 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\extensions\textlinks@playsushi.com

O1 HOSTS File: ([2011/04/18 23:27:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-3859555962-3989031959-2705872258-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3859555962-3989031959-2705872258-1004\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-3859555962-3989031959-2705872258-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3859555962-3989031959-2705872258-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3859555962-3989031959-2705872258-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3859555962-3989031959-2705872258-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3859555962-3989031959-2705872258-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3859555962-3989031959-2705872258-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3859555962-3989031959-2705872258-1004\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/18 23:29:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/18 23:29:25 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/04/18 23:29:25 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\temp
[2011/04/18 23:16:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/04/18 17:15:17 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\regcleaner
[2011/04/18 17:14:46 | 000,367,616 | ---- | C] (Avira GmbH) -- C:\Users\Toshiba\Desktop\removaltool-win32-en.exe
[2011/04/18 10:55:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
[2011/04/18 10:53:09 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{4F10E9A1-83A0-4F94-90F5-7B60A8350C33}
[2011/04/17 10:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011/04/17 10:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/04/17 10:37:59 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{D0303F00-79C5-4D7D-98DA-4B71F40A5497}
[2011/04/17 10:11:27 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{214B1FBB-3A8C-4BAB-95D3-A43550CCDBAC}
[2011/04/16 22:40:33 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{38B8862C-4CB7-4F13-84CA-363E6212BC39}
[2011/04/16 22:21:07 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011/04/16 22:20:43 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Sunbelt Software
[2011/04/16 22:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/04/16 19:05:06 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/16 19:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/16 19:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/16 19:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 17:50:56 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Apps
[2011/04/16 17:10:22 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Malwarebytes
[2011/04/16 17:10:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/16 17:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/16 17:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/16 17:10:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/04/16 17:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/16 13:56:15 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\ESET
[2011/04/16 13:56:15 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\ESET
[2011/04/16 13:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/04/16 13:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/04/16 13:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/16 11:20:22 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/04/16 11:18:43 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/04/16 11:18:31 | 000,000,000 | ---D | C] -- C:\63eea4a7df5862e981c292cb
[2011/04/16 11:10:52 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\windows\System32\fms.dll
[2011/04/15 23:17:39 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\ToggleEN
[2011/04/15 23:17:39 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\ConduitEngine
[2011/04/12 10:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/04/11 14:15:56 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\The White Wolf of Icicle Creek
[2011/04/11 12:25:25 | 000,000,000 | ---D | C] -- C:\windows\en
[2011/04/11 12:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011/04/11 12:10:00 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2011/04/02 09:09:52 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Heritage Key VX Viewer
[2011/04/02 08:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit
[2011/04/02 08:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/03/28 19:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2011/03/28 19:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2011/03/26 09:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/18 23:43:51 | 004,456,448 | -HS- | M] () -- C:\Users\Toshiba\ntuser.dat
[2011/04/18 23:27:30 | 000,000,231 | ---- | M] () -- C:\windows\system.ini
[2011/04/18 23:27:26 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/04/18 23:15:48 | 004,324,176 | R--- | M] () -- C:\Users\Toshiba\Desktop\ComboFix.exe
[2011/04/18 23:13:03 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/18 22:57:32 | 000,879,081 | ---- | M] () -- C:\Users\Toshiba\Desktop\SecurityCheck.exe
[2011/04/18 22:13:03 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 21:16:52 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/18 21:16:52 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/18 21:09:22 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2011/04/18 21:09:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/18 21:09:10 | 2388,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/18 21:08:30 | 001,971,019 | -H-- | M] () -- C:\Users\Toshiba\AppData\Local\IconCache.db
[2011/04/18 17:13:44 | 000,367,616 | ---- | M] (Avira GmbH) -- C:\Users\Toshiba\Desktop\removaltool-win32-en.exe
[2011/04/18 17:07:46 | 000,000,020 | ---- | M] () -- C:\Users\Toshiba\defogger_reenable
[2011/04/18 17:04:10 | 000,050,477 | ---- | M] () -- C:\Users\Toshiba\Desktop\Defogger.exe
[2011/04/18 10:53:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
[2011/04/17 10:40:37 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/04/16 22:39:04 | 000,301,568 | ---- | M] () -- C:\Users\Toshiba\Desktop\gmer.exe
[2011/04/16 22:38:38 | 000,625,664 | ---- | M] () -- C:\Users\Toshiba\Desktop\dds.scr
[2011/04/16 22:21:07 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011/04/16 19:05:17 | 000,675,168 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/16 19:05:17 | 000,128,254 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/16 19:05:16 | 000,792,124 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2011/04/16 19:05:02 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 17:24:12 | 000,013,492 | -HS- | M] () -- C:\Users\Toshiba\AppData\Local\2901571632
[2011/04/16 17:24:12 | 000,013,492 | -HS- | M] () -- C:\ProgramData\2901571632
[2011/04/16 17:10:18 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/16 11:51:20 | 000,000,120 | ---- | M] () -- C:\Users\Toshiba\AppData\Local\Kcejonevozujit.dat
[2011/04/16 11:50:25 | 000,001,382 | ---- | M] () -- C:\Users\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/16 11:43:10 | 000,441,568 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/16 11:30:54 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2011/04/11 17:19:27 | 000,000,026 | ---- | M] () -- C:\windows\TLCAPPS.INI
[2011/04/03 17:10:48 | 000,001,886 | ---- | M] () -- C:\Users\Toshiba\Desktop\Paint.lnk
[2011/04/02 08:13:57 | 000,001,294 | ---- | M] () -- C:\Users\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit.lnk
[2011/04/02 08:13:57 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit.lnk
[2011/03/23 17:55:16 | 000,122,432 | ---- | M] () -- C:\Users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/03/22 16:14:48 | 000,000,488 | ---- | M] () -- C:\windows\win.ini
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/18 23:31:01 | 000,879,081 | ---- | C] () -- C:\Users\Toshiba\Desktop\SecurityCheck.exe
[2011/04/18 17:07:25 | 000,000,020 | ---- | C] () -- C:\Users\Toshiba\defogger_reenable
[2011/04/18 17:07:06 | 000,050,477 | ---- | C] () -- C:\Users\Toshiba\Desktop\Defogger.exe
[2011/04/17 10:40:37 | 000,000,996 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/04/16 22:42:02 | 000,301,568 | ---- | C] () -- C:\Users\Toshiba\Desktop\gmer.exe
[2011/04/16 22:41:56 | 000,625,664 | ---- | C] () -- C:\Users\Toshiba\Desktop\dds.scr
[2011/04/16 19:05:02 | 000,001,936 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 19:03:58 | 004,324,176 | R--- | C] () -- C:\Users\Toshiba\Desktop\ComboFix.exe
[2011/04/16 17:10:18 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/16 11:30:54 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2011/04/16 11:12:19 | 000,146,852 | ---- | C] () -- C:\windows\System32\systemsf.ebd
[2011/04/16 11:12:11 | 000,419,880 | ---- | C] () -- C:\windows\System32\locale.nls
[2011/04/16 11:10:21 | 000,053,600 | ---- | C] () -- C:\windows\System32\dosx.exe
[2011/04/16 11:10:16 | 000,010,429 | ---- | C] () -- C:\windows\System32\ScavengeSpace.xml
[2011/04/16 11:09:59 | 000,105,559 | ---- | C] () -- C:\windows\System32\RacRules.xml
[2011/04/15 13:22:00 | 000,013,492 | -HS- | C] () -- C:\Users\Toshiba\AppData\Local\2901571632
[2011/04/15 13:22:00 | 000,013,492 | -HS- | C] () -- C:\ProgramData\2901571632
[2011/04/12 10:19:03 | 000,001,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2011/04/12 10:19:03 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2011/04/02 10:58:49 | 000,000,120 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\Kcejonevozujit.dat
[2011/04/02 08:13:57 | 000,001,294 | ---- | C] () -- C:\Users\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit.lnk
[2011/04/02 08:13:57 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit.lnk
[2011/02/22 18:13:55 | 001,971,019 | -H-- | C] () -- C:\Users\Toshiba\AppData\Local\IconCache.db
[2011/01/08 16:48:40 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/12/19 16:33:27 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/12/05 11:11:44 | 000,000,000 | ---- | C] () -- C:\windows\Game.INI
[2010/12/03 10:17:45 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2010/11/04 19:16:33 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010/11/04 19:16:33 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/11/04 19:16:33 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2010/11/04 19:16:33 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/11/04 19:16:33 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/11/04 18:48:33 | 000,000,006 | ---- | C] () -- C:\Users\Toshiba\AppData\Roaming\start
[2010/11/02 15:12:07 | 000,212,616 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2010/09/04 14:49:51 | 000,000,291 | ---- | C] () -- C:\windows\EReg077.dat
[2010/09/04 14:47:19 | 000,000,026 | ---- | C] () -- C:\windows\TLCAPPS.INI
[2010/07/29 19:59:16 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2010/04/28 16:25:19 | 000,022,328 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2010/04/28 16:25:19 | 000,022,328 | ---- | C] () -- C:\Users\Toshiba\AppData\Roaming\PnkBstrK.sys
[2010/04/28 16:24:53 | 000,103,736 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2010/04/28 16:24:47 | 000,066,872 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2010/04/03 17:54:12 | 000,056,832 | ---- | C] () -- C:\windows\System32\iyvu9_32.dll
[2010/01/29 13:00:39 | 000,122,432 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/18 12:42:11 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/01/18 12:28:18 | 000,792,124 | ---- | C] () -- C:\windows\System32\PerfStringBackup.INI
[2010/01/18 12:27:34 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/01/18 12:23:17 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2010/01/18 12:23:17 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010/01/18 12:19:13 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2010/01/18 12:16:21 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2010/01/18 12:16:21 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2010/01/18 12:16:21 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2010/01/18 12:09:46 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 14:33:53 | 000,441,568 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,675,168 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,128,254 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 12:04:57 | 000,001,405 | ---- | C] () -- C:\windows\msdfmap.ini
[2009/07/14 12:04:23 | 000,000,488 | ---- | C] () -- C:\windows\win.ini
[2009/07/14 12:04:23 | 000,000,231 | ---- | C] () -- C:\windows\system.ini
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 08:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 08:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 08:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 08:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/07/14 07:41:05 | 000,000,718 | ---- | C] () -- C:\windows\System32\mscdexnt.exe
[2009/07/14 07:41:04 | 000,002,842 | ---- | C] () -- C:\windows\System32\redir.exe
[2009/07/14 07:41:02 | 000,000,882 | ---- | C] () -- C:\windows\System32\share.exe
[2009/07/14 07:41:02 | 000,000,882 | ---- | C] () -- C:\windows\System32\fastopen.exe
[2009/07/14 07:41:01 | 000,019,694 | ---- | C] () -- C:\windows\System32\GRAPHICS.COM
[2009/07/14 07:40:59 | 000,014,710 | ---- | C] () -- C:\windows\System32\KB16.COM
[2009/07/14 07:40:57 | 000,007,052 | ---- | C] () -- C:\windows\System32\nlsfunc.exe
[2009/07/14 07:40:57 | 000,001,131 | ---- | C] () -- C:\windows\System32\LOADFIX.COM
[2009/07/14 07:40:56 | 000,039,274 | ---- | C] () -- C:\windows\System32\mem.exe
[2009/07/14 07:40:54 | 000,011,753 | ---- | C] () -- C:\windows\System32\setver.exe
[2009/07/14 07:40:52 | 000,020,634 | ---- | C] () -- C:\windows\System32\debug.exe
[2009/07/14 07:40:51 | 000,008,424 | ---- | C] () -- C:\windows\System32\exe2bin.exe
[2009/07/14 07:40:50 | 000,012,642 | ---- | C] () -- C:\windows\System32\edlin.exe
[2009/07/14 07:40:49 | 000,012,498 | ---- | C] () -- C:\windows\System32\append.exe
[2009/07/14 07:40:48 | 000,050,648 | ---- | C] () -- C:\windows\System32\COMMAND.COM
[2009/07/14 07:40:44 | 000,027,097 | ---- | C] () -- C:\windows\System32\country.sys
[2009/07/14 07:40:43 | 000,042,809 | ---- | C] () -- C:\windows\System32\KEY01.SYS
[2009/07/14 07:40:43 | 000,042,537 | ---- | C] () -- C:\windows\System32\KEYBOARD.SYS
[2009/07/14 07:40:41 | 000,009,029 | ---- | C] () -- C:\windows\System32\ANSI.SYS
[2009/07/14 07:40:40 | 000,004,768 | ---- | C] () -- C:\windows\System32\HIMEM.SYS
[2009/07/14 07:40:39 | 000,029,274 | ---- | C] () -- C:\windows\System32\NTDOS412.SYS
[2009/07/14 07:40:35 | 000,029,370 | ---- | C] () -- C:\windows\System32\NTDOS411.SYS
[2009/07/14 07:40:31 | 000,029,146 | ---- | C] () -- C:\windows\System32\NTDOS404.SYS
[2009/07/14 07:40:27 | 000,029,146 | ---- | C] () -- C:\windows\System32\NTDOS804.SYS
[2009/07/14 07:40:23 | 000,027,866 | ---- | C] () -- C:\windows\System32\NTDOS.SYS
[2009/07/14 07:40:19 | 000,035,536 | ---- | C] () -- C:\windows\System32\NTIO412.SYS
[2009/07/14 07:40:17 | 000,035,776 | ---- | C] () -- C:\windows\System32\NTIO411.SYS
[2009/07/14 07:40:15 | 000,034,672 | ---- | C] () -- C:\windows\System32\NTIO404.SYS
[2009/07/14 07:40:13 | 000,034,672 | ---- | C] () -- C:\windows\System32\NTIO804.SYS
[2009/07/14 07:40:11 | 000,033,952 | ---- | C] () -- C:\windows\System32\NTIO.SYS
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\windows\System32\msjetoledb40.dll
[2009/07/14 06:29:46 | 000,013,312 | ---- | C] () -- C:\windows\System32\win87em.dll
[2009/06/11 07:42:32 | 000,069,886 | ---- | C] () -- C:\windows\System32\edit.com
[2009/06/11 07:39:59 | 000,060,124 | ---- | C] () -- C:\windows\System32\tcpmon.ini
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/04/28 22:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
[2007/09/06 10:01:22 | 000,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll
[2007/08/24 02:55:34 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2007/08/24 02:50:04 | 000,000,416 | ---- | C] () -- C:\windows\System32\dtu100.dll.manifest
[2007/08/24 02:50:04 | 000,000,416 | ---- | C] () -- C:\windows\System32\dpl100.dll.manifest

========== LOP Check ==========

[2010/12/05 08:53:23 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2010/11/30 14:18:41 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Big Fish Games
[2010/11/30 13:02:29 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\blg
[2011/02/05 14:37:23 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Boomzap
[2011/02/22 18:12:23 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\DAEMON Tools Lite
[2011/01/08 16:04:04 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\ERS Game Studios
[2011/04/16 13:56:15 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\ESET
[2011/01/08 11:38:17 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\FlyWheelGames
[2010/12/03 12:26:51 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\ForgottenRiddles
[2011/04/16 10:23:52 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\FrostWire
[2011/01/08 16:48:39 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Ghost Ship Studios
[2011/04/11 17:32:31 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Heritage Key VX Viewer
[2010/11/24 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\LimeWire
[2010/12/03 12:47:42 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Magnet's Story
[2010/03/20 07:31:26 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\MessengerGadget
[2011/01/10 14:01:24 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Mystery of Mortlake Mansion
[2011/01/15 12:02:49 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Namco
[2010/12/30 12:02:15 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\OpenCandy
[2010/11/30 12:49:06 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Scholastic
[2010/04/02 20:20:52 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Tific
[2010/04/11 13:32:32 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Toshiba
[2010/10/24 13:39:01 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Windows Live Writer
[2011/03/31 15:41:36 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:A88BE334
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:B73EC53A
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:88981452
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:9732698E
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:938EB9FC
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0785072C
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:2495D97A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A5584049
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:9D86EE01
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D47B19A6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:52C24010
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CA23BCFD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C0893153
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A1460B2A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8BE7A048
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:7ADB695A
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:3313A48D

< End of report >

4.2 Extras.txt
OTL Extras logfile created on: 4/18/2011 11:42:05 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Toshiba\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.32 Gb Total Space | 16.48 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
Drive F: | 963.70 Mb Total Space | 153.50 Mb Free Space | 15.93% Space Free | Partition Type: FAT

Computer Name: TOSHIBA-PC | User Name: Toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3859555962-3989031959-2705872258-1004\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A69F94-891E-42F8-824E-6F8669C0C95A}" = LifeCam Video Messages gadget
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 21
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38D80A4C-D893-4985-BA3F-0B1D9E848CED}" = ESET Smart Security
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{601E6234-EC57-0948-6E33-7F2339EC5AA1}" = ATI Catalyst Install Manager
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC6ECC37-F908-4575-D549-3E0F1084B2B3}" = ccc-utility
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"3B7076EB3C51070DE9D6902E9696507D9B471345" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327)
"94703D1C50646DF5FB8D0FB50EB2216330EB89C9" = Windows Driver Package - Atheros Communications Inc. (arusb_lh) Net (09/25/2008 3.1.0.101)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BFGC" = Big Fish Games: Game Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit" = HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LTMOH" = LSI V92 MOH Application
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Registry Mechanic_is1" = Registry Mechanic 6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3859555962-3989031959-2705872258-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RGB Digital Direct" = RGB Digital Direct

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2011 11:34:27 PM | Computer Name = Toshiba-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7176

Error - 1/28/2011 11:34:28 PM | Computer Name = Toshiba-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/28/2011 11:34:28 PM | Computer Name = Toshiba-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8190

Error - 1/28/2011 11:34:28 PM | Computer Name = Toshiba-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8190

Error - 1/28/2011 11:34:29 PM | Computer Name = Toshiba-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/28/2011 11:34:29 PM | Computer Name = Toshiba-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9189

Error - 1/28/2011 11:34:29 PM | Computer Name = Toshiba-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9189

Error - 1/28/2011 11:34:30 PM | Computer Name = Toshiba-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/28/2011 11:34:30 PM | Computer Name = Toshiba-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10187

Error - 1/28/2011 11:34:30 PM | Computer Name = Toshiba-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10187

[ System Events ]
Error - 4/18/2011 9:27:27 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/18/2011 9:29:33 AM | Computer Name = Toshiba-PC | Source = PNRPSvc | ID = 102
Description =

Error - 4/18/2011 9:29:33 AM | Computer Name = Toshiba-PC | Source = PNRPSvc | ID = 102
Description =

Error - 4/18/2011 9:29:33 AM | Computer Name = Toshiba-PC | Source = PNRPSvc | ID = 102
Description =

Error - 4/18/2011 9:29:33 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 4/18/2011 9:29:33 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 4/18/2011 9:29:33 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 4/18/2011 9:29:33 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 4/18/2011 9:29:33 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 4/18/2011 9:29:33 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535


< End of report >


#10 heir

  • Malware Response Team
  • 763 posts
  • Gender:Male

Posted 18 April 2011 - 02:26 PM

The AppRemover didn't show any results for Avira :S

Seems like some leftovers that ComboFix finds.

We'll give this a try.

First, if you have this folder C:\Documents on your computer, do a backup of it or just temporarily rename it, as the tool we are going to use has a small bug.


Let's see if this helps.

Please download Dial-A-Fix from here and save it to your Desktop.

Unzip it and open the newly created Dial-a-fix folder.

Double click Dial-a-fix.exe to run the program.

Click the green checkmark at the bottom of the window; this should select all options.

Now, click GO.

Allow it to run (the status will be displayed at the bottom), and follow any prompts you receive.

-------------

Reboot and run DDS.scr and post the content of DDS.txt in your reply.

-------------

We'll do a scan for leftovers as well.


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Edited by heir, 18 April 2011 - 02:28 PM.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!


#11 CraigWI

  • Topic Starter

  • Members
  • 9 posts

Posted 18 April 2011 - 09:10 PM

Dial-a-fix came up with an error saying it was not supported for Vista, but a quick Google search indicated that you could in fact run it; you just had to run it in compatibility mode.
It ran pretty smoothly, bar a few errors: "c:\windows\system32\<filename.dll> is not registerable or file is corrupted, your version of <filename.dll> is <filename version>. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file."
I suspect this is due to it being run in compatibility mode.

DDS Log
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Toshiba at 9:56:30.13 on Tue 19/04/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3037.2101 [GMT 10:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Toshiba\Desktop\dds.scr
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=google
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\users\toshiba\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-1-18 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-7-18 181616]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-12-21 41336]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-19 135664]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 181616]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-1-18 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-18 167936]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-1-18 859136]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-1-18 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-4 111960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\HPx9G2k.sys [2008-5-27 12658]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-18 171520]
S3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys [2009-8-28 95904]
S3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\drivers\RTL2831UUSB.sys [2009-8-28 32800]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-28 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-04-18 23:54:50 -------- d-----w- c:\users\toshiba\appdata\local\{A3D17097-7D46-4658-A2E9-1C8B01FF428B}
2011-04-18 23:30:59 -------- d-----w- c:\users\toshiba\appdata\local\{B6340B42-6F72-4335-B92E-7F01C61325B2}
2011-04-18 13:29:26 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-18 13:29:25 -------- d-----w- c:\users\toshiba\appdata\local\temp
2011-04-18 00:53:09 -------- d-----w- c:\users\toshiba\appdata\local\{4F10E9A1-83A0-4F94-90F5-7B60A8350C33}
2011-04-17 00:37:59 -------- d-----w- c:\users\toshiba\appdata\local\{D0303F00-79C5-4D7D-98DA-4B71F40A5497}
2011-04-17 00:11:27 -------- d-----w- c:\users\toshiba\appdata\local\{214B1FBB-3A8C-4BAB-95D3-A43550CCDBAC}
2011-04-16 12:40:33 -------- d-----w- c:\users\toshiba\appdata\local\{38B8862C-4CB7-4F13-84CA-363E6212BC39}
2011-04-16 12:21:07 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-16 12:20:43 -------- d-----w- c:\users\toshiba\appdata\local\Sunbelt Software
2011-04-16 09:05:06 -------- d-----w- c:\users\toshiba\appdata\roaming\SUPERAntiSpyware.com
2011-04-16 09:05:06 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-04-16 09:04:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-16 07:50:56 -------- d-----w- c:\users\toshiba\appdata\local\Apps
2011-04-16 07:10:22 -------- d-----w- c:\users\toshiba\appdata\roaming\Malwarebytes
2011-04-16 07:10:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 07:10:17 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-16 07:10:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 07:10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 03:56:15 -------- d-----w- c:\users\toshiba\appdata\roaming\ESET
2011-04-16 03:56:15 -------- d-----w- c:\users\toshiba\appdata\local\ESET
2011-04-16 03:54:52 -------- d-----w- c:\program files\ESET
2011-04-16 01:20:22 -------- d-----w- c:\windows\system32\SPReview
2011-04-16 01:18:43 -------- d-----w- c:\windows\system32\EventProviders
2011-04-16 01:18:31 -------- d-----w- C:\63eea4a7df5862e981c292cb
2011-04-16 01:11:59 49488 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-16 01:10:59 325632 ----a-w- c:\windows\system32\slui.exe
2011-04-16 01:09:17 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-16 01:09:17 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-16 01:09:16 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-04-16 01:09:16 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-16 01:09:01 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-16 01:08:50 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-16 01:08:50 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-04-16 01:07:42 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-16 01:07:42 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-15 13:17:39 -------- d-----w- c:\users\toshiba\appdata\local\ToggleEN
2011-04-15 13:17:39 -------- d-----w- c:\users\toshiba\appdata\local\ConduitEngine
2011-04-15 00:47:34 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 00:47:34 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 00:47:33 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 00:47:29 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 00:47:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 00:47:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 00:47:28 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 00:46:57 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 00:46:54 802304 ----a-w- c:\windows\system32\WFS.exe
2011-04-15 00:46:54 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 00:46:51 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 00:46:48 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 00:46:45 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 00:46:45 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 00:46:41 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 00:46:41 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 00:46:41 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 00:46:41 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 00:40:39 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{dcbb3d6d-8fb2-4c03-ab60-1d9d2226ec02}\mpengine.dll
2011-04-12 00:18:50 -------- d-----w- c:\program files\bfgclient
2011-04-11 07:26:58 92208 ----a-w- c:\windows\system32\WING.DLL
2011-04-11 02:25:25 -------- d-----w- c:\windows\en
2011-04-11 02:23:19 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-11 02:23:19 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-11 02:23:17 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-11 02:17:56 15712 ----a-w- c:\program files\common files\windows live\.cache\ab9b4eb61cbf7ee0d\MeshBetaRemover.exe
2011-04-11 02:11:30 -------- d-----w- c:\progra~2\Big Fish Games
2011-04-11 02:10:00 -------- d-----w- C:\BigFishGamesCache
2011-04-01 23:09:52 -------- d-----w- c:\users\toshiba\appdata\roaming\Heritage Key VX Viewer
2011-03-28 09:28:53 -------- d-----w- c:\progra~2\EPSON
2011-03-25 23:02:26 -------- d-----w- c:\program files\Microsoft
.
==================== Find3M ====================
.
2011-04-16 01:27:18 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-15 13:18:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 05:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 07:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 9:59:55.35 ===============


ESET Online Scanner Log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=7e95191d6c90cb42923f249b97a18ded
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-19 02:01:52
# local_time=2011-04-19 12:01:52 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 54806694 0 0
# compatibility_mode=8201 22379901 100 100 50660 7522353 0 0
# scanned=265029
# found=1
# cleaned=1
# scan_time=6609
# nod_component=V3 Build:0x30000000
C:\Users\Toshiba\Documents\Downloads\MsgPlusLive-482.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Attached Files

  • Attached File: log.txt (1004 bytes)
  • Attached File: DDS.txt (19 KB)


#12 heir

  • Malware Response Team
  • 763 posts
  • Gender:Male

Posted 19 April 2011 - 02:52 AM

Looks as if we might not be able to fix the issue with Avira showing up in the logs.

However, I spotted another registry cleaner that I'd suggest you remove.


Registry Mechanic 6.0

------

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 24.
  • Click the JDK 6 Update 24 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u24-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u24-windows-i586.exe and select "Run as an Administrator.")
-------

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    [2011/04/16 17:24:12 | 000,013,492 | -HS- | M] () -- C:\Users\Toshiba\AppData\Local\2901571632
    [2011/04/16 17:24:12 | 000,013,492 | -HS- | M] () -- C:\ProgramData\2901571632
    [2011/04/16 11:51:20 | 000,000,120 | ---- | M] () -- C:\Users\Toshiba\AppData\Local\Kcejonevozujit.dat
    [2011/04/16 10:23:52 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\FrostWire
    [2010/11/24 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\LimeWire
    @Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:A88BE334
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:B73EC53A
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:88981452
    @Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:9732698E
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:938EB9FC
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:A819A132
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0785072C
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:2495D97A
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A5584049
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:9D86EE01
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D47B19A6
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B54E4B5A
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:52C24010
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CA23BCFD
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C0893153
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A1460B2A
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8BE7A048
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:7ADB695A
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:3313A48D
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog

-------

Was Registry Mechanic removed?


.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click the donate link.

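Added example (editorial, not from heir's post and not part of OTL): the fix script above removes a run of alternate data streams (ADS) attached to C:\ProgramData\TEMP, each named with eight hex characters. The PowerShell below lists named streams under a directory so such entries can be found and reviewed on a machine before anything is deleted. The default path, the `-IncludeZoneIdentifier` switch and the eight-hex-character heuristic are this example's own choices, taken from the pattern in the thread; it requires Windows PowerShell 3.0 or later for `Get-Item -Stream`.

```powershell
<#
  Added example (not from the thread or from OTL): enumerate alternate data
  streams (ADS) below a directory, the way the fix above lists
  C:\ProgramData\TEMP:A88BE334 and friends, so they can be reviewed first.
  Requires Windows PowerShell 3.0+ (Get-Item -Stream). The default path is
  an assumption matching the thread; pass -Path to scan somewhere else.
#>
param(
    [string] $Path = "$env:ProgramData",
    [switch] $IncludeZoneIdentifier   # Zone.Identifier is the ordinary mark-of-the-web stream
)

# Every file has an unnamed ':$DATA' stream; it is not an ADS, so skip it.
$skip = @(':$DATA')
if (-not $IncludeZoneIdentifier) { $skip += 'Zone.Identifier' }

# -Force includes hidden and system items, which is where such streams usually sit.
# The root itself is included because the fix above targets a directory, not a file.
$items = @(Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue) +
         @(Get-ChildItem -LiteralPath $Path -Force -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    # Get-Item -Stream * yields one object per stream, with Stream and Length properties.
    Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $skip -notcontains $_.Stream } |
        ForEach-Object {
            [pscustomobject]@{
                Path       = $item.FullName
                Stream     = $_.Stream
                Bytes      = $_.Length
                # Eight hex characters and no extension is the naming seen in this thread (heuristic).
                Suspicious = ($_.Stream -match '^[0-9A-F]{8}$')
            }
        }
}

if (-not $findings) {
    "No alternate data streams found under $Path"
} else {
    $findings | Sort-Object Suspicious, Bytes -Descending | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt so hidden items under ProgramData are readable; anything flagged Suspicious is worth comparing against the list OTL reports before a fix is run, and the ordinary `Zone.Identifier` stream is hidden by default only to keep the output short. If your PowerShell build does not report streams on directories, `cmd /c dir /r /a C:\ProgramData` shows the same stream names in plain text.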

#13 CraigWI

  • Topic Starter
  • Members
  • 9 posts

Posted 19 April 2011 - 04:29 AM

Registry Mechanic removed via Add/Remove Programs in Windows.

OTL fixlog

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
C:\Users\Toshiba\AppData\Local\2901571632 moved successfully.
C:\ProgramData\2901571632 moved successfully.
C:\Users\Toshiba\AppData\Local\Kcejonevozujit.dat moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\xml\data folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\xml folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\overlays folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\overlays folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\static.frostwire.com folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5128 folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5048 folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5047 folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4147 folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4089 folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4084 folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4055 folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4047 folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4028 folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1218 folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1207 folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\image_cache folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\azureus\tmp folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\azureus\net folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\azureus\logs\save folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\azureus\logs folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\azureus\dht folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\azureus\active folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\azureus folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\FrostWire folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\xml\data folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\xml folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\promotion folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\certificate folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\browser folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\LimeWire folder moved successfully.
ADS C:\ProgramData\TEMP:A88BE334 deleted successfully.
ADS C:\ProgramData\TEMP:B73EC53A deleted successfully.
ADS C:\ProgramData\TEMP:88981452 deleted successfully.
ADS C:\ProgramData\TEMP:9732698E deleted successfully.
ADS C:\ProgramData\TEMP:938EB9FC deleted successfully.
ADS C:\ProgramData\TEMP:A819A132 deleted successfully.
ADS C:\ProgramData\TEMP:0785072C deleted successfully.
ADS C:\ProgramData\TEMP:2495D97A deleted successfully.
ADS C:\ProgramData\TEMP:A5584049 deleted successfully.
ADS C:\ProgramData\TEMP:9D86EE01 deleted successfully.
ADS C:\ProgramData\TEMP:D47B19A6 deleted successfully.
ADS C:\ProgramData\TEMP:B54E4B5A deleted successfully.
ADS C:\ProgramData\TEMP:52C24010 deleted successfully.
ADS C:\ProgramData\TEMP:CA23BCFD deleted successfully.
ADS C:\ProgramData\TEMP:C0893153 deleted successfully.
ADS C:\ProgramData\TEMP:A1460B2A deleted successfully.
ADS C:\ProgramData\TEMP:8BE7A048 deleted successfully.
ADS C:\ProgramData\TEMP:7ADB695A deleted successfully.
ADS C:\ProgramData\TEMP:3313A48D deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Toshiba
->Temp folder emptied: 451417 bytes
->Temporary Internet Files folder emptied: 18020335 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6166238 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3963 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 24.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Toshiba
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04192011_192250

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Thank you very much again Heir..


#14 heir

  • Malware Response Team
  • 763 posts
  • Gender:Male

Posted 19 April 2011 - 05:06 AM

Almost done then.

The issue with Avira showing up in those logs isn't that important. It's a leftover.


Hey there, CraigWI!

OK! Well done, your log is clean again! :thumbsup:

Time for some housekeeping.

Step 1.
Clean up:

What we need to do is remove all the tools that you have used. This is so that, should you ever be re-infected, you will download updated versions. It will also remove the quarantined malware from your computer.

First:
  • Click START then RUN
  • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the /U; it needs to be there.

Second:

Double-click OTL to start it.
Click the Clean up button
Click Yes to the reboot.

Now delete any tools/logs that are left over after you ran OTL Clean up.


Step 2.
Prevention:

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to download an update.

http://www.adobe.com/products/acrobat/readstep2.html

Remove the older versions and install the latest.

----

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 24.
  • Click the JDK 6 Update 24 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u24-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u24-windows-i586.exe and select "Run as an Administrator.")
Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the Internet.
  • Click Apply then OK.


Third:
Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Fourth:
Next let's look at Firewalls. These help to prevent unauthorized access both to and from the Internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall on your system.

Personal Firewalls
Fifth:
On to personal Anti Virus programs.

One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed three free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves.

Anti Virus Programs
Sixth:
Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are, however, a couple of very good, malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers
Lastly:
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!



#15 CraigWI

  • Topic Starter
  • Members
  • 9 posts

Posted 19 April 2011 - 06:47 AM

Thank you so much heir. I really do appreciate it.

I will be donating to your PayPal as soon as the funds clear from my account.

Thanks again :)



