HiJack log... please assist.


This topic is locked
19 replies to this topic

#1 itzjusmee

  • Members
  • 13 posts

Posted 11 November 2011 - 02:57 PM

Well, I went back home for a visit for a couple of weeks and left my PC with my roommate, only to return home to a computer that was completely hosed (PING.exe being the biggest problem). I got rid of the vast majority of them after countless hours of scanning with AVG, Spybot, Ad-Aware, MWB and SAS. However, while I am running Google Chrome and MWB protection I keep getting malicious file behavior pop-ups stating Chrome.exe is attempting to send information to said address, usually an IP address, across many different ports. Not to mention that while I am browsing I usually have a hard time pulling up pages; I usually get error messages stating I'm not connected to the internet, browser time-outs, DNS failures and such. My roommate recently got his own computer to hose (thank god) and his runs perfectly online... loads every page, no issues at all; also my Xbox runs seamlessly on Xbox Live as well, no disconnects or failures connecting at all, which leads me to believe I have a browser hijack on my hands. I've never had to use HiJackThis before, so any help would be much appreciated. Thanks in advance.

Attached File: hijackthis.log (9.58KB)

EDIT: The same problems arise when I use other browsers as well.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Valued Customer at 15:07:29 on 2011-11-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1765 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: ZoneAlarm Pro Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Valued Customer\Downloads\0d7jzjjc.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.0.30\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
uRun: [<NO NAME>]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\users\valued customer\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [<NO NAME>]
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F51581FD-F85F-42D1-90A8-376360C4347B} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F51581FD-F85F-42D1-90A8-376360C4347B} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F51581FD-F85F-42D1-90A8-376360C4347B}\2456C6B696E6E233632483 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F51581FD-F85F-42D1-90A8-376360C4347B}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.0.30\CoIEPlg.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\valued customer\appdata\roaming\mozilla\firefox\profiles\5vv1xth2.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z134&install_date=20110913
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20110913&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\valued customer\appdata\roaming\mozilla\firefox\profiles\5vv1xth2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\valued customer\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\valued customer\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-13 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\drivers\TsLwWfF.sys [2009-10-16 22632]
R1 TsVp;TsVp;c:\windows\system32\drivers\tsvp.sys [2010-6-10 27752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-7-18 123264]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-9-7 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-7 366152]
R2 NiProbeMem;NiProbeMem;c:\windows\system32\drivers\NiProbeMem.SYS [2010-10-19 36864]
R2 VMONI;VMONI Protocol Analyzer;c:\windows\system32\drivers\VMONI.sys [2010-10-19 51200]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-11 22216]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-9-7 167936]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-7 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-5-25 2152152]
S2 necusb;NEC USB Device Service;c:\windows\system32\svchost.exe -k necusb3 [2009-7-13 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [2010-4-1 19560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-7 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-5-25 15232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-9-7 171520]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-9-8 51512]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
S3 TsVlb;TsVlb;c:\windows\system32\drivers\tsvlb.sys [2010-4-21 20072]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-10 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;"c:\users\valued customer\desktop\wmzunecomm.exe" --> c:\users\valued customer\desktop\WMZuneComm.exe [?]
S4 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2010-7-1 136616]
S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
S4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
S4 fbdpinger;fbdpinger;c:\program files\toshiba\toshibafb\fdbpinger.exe [2010-9-7 161136]
S4 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S4 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.0.30\ccSvcHst.exe [2009-8-27 117640]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-9-9 583640]
.
=============== Created Last 30 ================
.
2011-11-11 19:30:14 388096 ----a-r- c:\users\valued customer\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-11 19:30:13 -------- d-----w- c:\program files\Trend Micro
2011-11-11 10:35:30 -------- d-----w- c:\users\valued customer\appdata\roaming\SUPERAntiSpyware.com
2011-11-11 10:35:14 -------- d-----w- c:\programdata\!SASCORE
2011-11-11 10:35:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-11 10:35:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-11 09:13:45 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-11 07:07:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-11 01:27:52 -------- d--h--w- C:\$AVG
2011-11-11 00:19:34 -------- d-----w- c:\users\valued customer\appdata\roaming\AVG2012
2011-11-11 00:13:46 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-11 00:13:46 -------- d-----w- c:\programdata\AVG2012
2011-11-11 00:12:48 -------- d-----w- c:\program files\AVG
2011-11-11 00:08:38 -------- d--h--w- c:\programdata\Common Files
2011-11-11 00:08:25 -------- d-----w- c:\programdata\MFAData
2011-11-09 13:24:36 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:24:35 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 13:24:35 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-10-15 04:29:12 -------- d-----w- c:\windows\pss
2011-10-13 14:56:28 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 14:56:28 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 14:56:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 14:56:27 233472 ----a-w- c:\windows\system32\oleacc.dll
.
==================== Find3M ====================
.
2011-11-07 12:26:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21:28 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-15 06:11:08 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
============= FINISH: 15:08:37.84 ===============

I ran ESET as well and found 6 threats. Here is the log.


C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudC.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8MWRYEOT\40203[1].pdf JS/Exploit.Pdfka.PFU trojan cleaned by deleting - quarantined
C:\Users\Valued Customer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-75e8c041 Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Valued Customer\Downloads\trojankiller2094-setup.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\Windows\System32\drivers\tdx.sys a variant of Win32/Rootkit.Kryptik.FB trojan unable to clean

Merged posts. ~ OB

Edited by Orange Blossom, 12 November 2011 - 01:51 PM.
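The symptoms in the post above (pages that will not load, DNS errors in every browser, unexplained outbound connections from the browser process) are exactly what a helper reads the DDS "Pseudo HJT Report" section for. As an added illustration, not part of the original post and not code from DDS, HijackThis or any other tool named in this thread, here is a small Python triage pass over a few lines copied from the report above. The line formats it parses are the ones visible in the report; the four checks, their category names and the "reason" text are my own heuristics, not any tool's rules.

```python
"""Triage helper for DDS-style "Pseudo HJT Report" lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the DDS report above.
# Only the line formats matter here; DDS writes "hxxp" for http in URLs.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F51581FD-F85F-42D1-90A8-376360C4347B} : NameServer = 208.67.222.222,208.67.220.220
Hosts: 127.0.0.1 www.spywareinfo.com
"""


@dataclass(frozen=True)
class Finding:
    category: str  # which heuristic check fired
    entry: str     # the report line that triggered it
    reason: str    # why a helper would look at it first


# "BHO: <name>: {CLSID} - <path>" or "TB: ..."; the name is absent on orphaned entries.
ADDON_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# "TCP: [<scope> :] NameServer = ..." or "TCP: [<scope> :] DhcpNameServer = ..."
DNS_RE = re.compile(
    r"^TCP: (?P<scope>.*?)\s*:?\s*(?P<dhcp>Dhcp)?NameServer = (?P<servers>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")


def _split_servers(field):
    """DDS separates resolvers with spaces or commas depending on the registry key."""
    return tuple(s for s in re.split(r"[,\s]+", field.strip()) if s)


def triage(report):
    """Return the findings a first pass over a DDS report would raise."""
    findings = []
    dhcp_dns = None   # resolvers handed out by DHCP
    static_dns = {}   # scope -> (line, resolvers set by hand)
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADDON_RE.match(line)
        if m:
            name, path = (m.group("name") or ""), m.group("path")
            if path == "No File":
                findings.append(Finding("orphaned-addon", line,
                    "CLSID is still registered but its DLL is gone; dead leftover, safe to remove"))
            elif "toolbar" in name.lower() or "toolbar" in path.lower():
                findings.append(Finding("toolbar", line,
                    "third-party browser toolbar; confirm the user installed it on purpose"))
            continue
        m = DNS_RE.match(line)
        if m:
            servers = _split_servers(m.group("servers"))
            if m.group("dhcp"):
                dhcp_dns = dhcp_dns or servers
            else:
                static_dns[m.group("scope") or "global"] = (line, servers)
            continue
        m = HOSTS_RE.match(line)
        if m and not (m.group("host").lower() == "localhost"
                      and m.group("ip") in ("127.0.0.1", "::1")):
            findings.append(Finding("hosts-entry", line,
                f"hosts file pins {m.group('host')} to {m.group('ip')}; such entries "
                "silently block or redirect a site, so confirm it is intentional"))
    # A resolver set by hand on an interface that differs from what DHCP offered is
    # one of the first things to verify when every browser reports DNS failures.
    for scope, (line, servers) in static_dns.items():
        if dhcp_dns and set(servers) != set(dhcp_dns):
            findings.append(Finding("dns-override", line,
                f"static resolver on {scope} differs from DHCP ({' '.join(dhcp_dns)}); "
                "confirm who configured it"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.entry}\n    -> {f.reason}")
```

On the sample this raises five findings: the orphaned BHO, the two toolbars, the hosts entry and the per-interface resolver that differs from the DHCP one. None of them is a verdict; the point of a triage pass is to shorten the list a human helper has to read, and a static resolver or hosts entry may well turn out to have been set deliberately.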

#2 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 13 November 2011 - 11:17 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 itzjusmee

  • Topic Starter
  • Members
  • 13 posts

Posted 14 November 2011 - 02:48 AM

Here is the log posted; no problems running it, excepting a few notices regarding rootkits. Seems I had a rootkit attached to my TCP/IP stack :/ Also, thank you for taking the time to help out; your help is greatly appreciated. My computer is running fine as we speak. I'll check back tomorrow for more instructions if needed and to post an update on my computer's status.

-----------------------------------------------------------------------------------------------------------------------

ComboFix 11-11-13.03 - Valued Customer 11/13/2011 23:39:19.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.2158 [GMT -5:00]
Running from: c:\users\Valued Customer\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: ZoneAlarm Pro Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - system32: deleted 24 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\bflixtoolbar\vmNTemplatex.dll
c:\program files\Shop to Win
c:\program files\Shop to Win\unins000.dat
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk
c:\users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk
c:\windows\$NtUninstallKB21370$
c:\windows\$NtUninstallKB21370$\1267276019\@
c:\windows\$NtUninstallKB21370$\1267276019\bckfg.tmp
c:\windows\$NtUninstallKB21370$\1267276019\cfg.ini
c:\windows\$NtUninstallKB21370$\1267276019\Desktop.ini
c:\windows\$NtUninstallKB21370$\1267276019\keywords
c:\windows\$NtUninstallKB21370$\1267276019\kwrd.dll
c:\windows\$NtUninstallKB21370$\1267276019\L\xadqgnnk
c:\windows\$NtUninstallKB21370$\1267276019\lsflt7.ver
c:\windows\$NtUninstallKB21370$\1267276019\U\00000001.@
c:\windows\$NtUninstallKB21370$\1267276019\U\00000002.@
c:\windows\$NtUninstallKB21370$\1267276019\U\00000004.@
c:\windows\$NtUninstallKB21370$\1267276019\U\80000000.@
c:\windows\$NtUninstallKB21370$\1267276019\U\80000004.@
c:\windows\$NtUninstallKB21370$\1267276019\U\80000032.@
c:\windows\$NtUninstallKB21370$\1779226815
c:\windows\system32\drivers\npf.sys
c:\windows\system32\install
c:\windows\system32\navdpu.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 04:58 . 2011-11-14 05:06 -------- d-----w- c:\users\Valued Customer\AppData\Local\temp
2011-11-14 04:58 . 2011-11-14 04:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-12 00:42 . 2011-11-12 00:42 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-11 21:02 . 2011-11-11 21:02 -------- d-----w- c:\program files\ESET
2011-11-11 19:30 . 2011-11-11 19:30 388096 ----a-r- c:\users\Valued Customer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 19:30 . 2011-11-11 19:30 -------- d-----w- c:\program files\Trend Micro
2011-11-11 10:35 . 2011-11-11 10:35 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\SUPERAntiSpyware.com
2011-11-11 10:35 . 2011-11-11 10:35 -------- d-----w- c:\programdata\!SASCORE
2011-11-11 10:35 . 2011-11-12 00:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-11 10:35 . 2011-11-11 10:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-11 09:13 . 2011-11-12 00:51 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-11 07:07 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-11 01:27 . 2011-11-11 01:27 -------- d-----w- C:\$AVG
2011-11-11 00:19 . 2011-11-11 00:19 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\AVG2012
2011-11-11 00:13 . 2011-11-14 01:08 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-11 00:13 . 2011-11-11 00:29 -------- d-----w- c:\programdata\AVG2012
2011-11-11 00:12 . 2011-11-11 00:12 -------- d-----w- c:\program files\AVG
2011-11-11 00:08 . 2011-11-11 00:08 -------- d--h--w- c:\programdata\Common Files
2011-11-11 00:08 . 2011-11-14 01:08 -------- d-----w- c:\programdata\MFAData
2011-11-10 08:13 . 2011-11-10 08:13 -------- d-----w- c:\windows\Sun
2011-11-09 13:24 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:24 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 13:24 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 00:45 . 2011-03-09 23:30 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-11-07 12:26 . 2011-05-16 16:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21 . 2011-10-04 11:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-01 02:35 . 2011-10-14 11:01 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 11:01 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 11:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 07:34 . 2011-08-31 07:34 0 ---ha-w- c:\users\Valued Customer\AppData\Local\BIT821A.tmp
2011-08-27 04:26 . 2011-10-13 14:56 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 14:56 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-19 13:49 . 2011-08-19 13:49 0 ---ha-w- c:\users\Valued Customer\AppData\Local\BITBA32.tmp
2011-08-17 04:24 . 2011-10-13 14:56 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19 . 2011-10-13 14:56 75776 ----a-w- c:\windows\system32\psisrndr.ax
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-12 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^Users^Valued Customer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-09-09 06:31 137536 ----atw- c:\users\Valued Customer\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-07 06:44 135664 ----atw- c:\users\Valued Customer\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2009-01-14 04:33 34088 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-22 05:18 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2010-11-19 18:38 193880 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-12-20 17:03 697856 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2009-09-22 17:42 544768 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 15:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 21:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2010-08-05 12:46 104408 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-28 04:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-07-21 00:46 1545512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 cpuz126;cpuz126;c:\users\VALUED~1\AppData\Local\Temp\cpuz.sys [x]
R3 cpuz134;cpuz134;c:\users\VALUED~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2010-04-01 19560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-05-25 15232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [2010-04-21 20072]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-10 1343400]
R3 WinPhlash;WinPhlash;c:\windows\TEMP\WINPHLASH\PHLASHNT.SYS [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\users\Valued Customer\Desktop\WMZuneComm.exe [x]
R4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
R4 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R4 fbdpinger;fbdpinger;c:\program files\Toshiba\ToshibaFB\fdbpinger.exe [2008-07-30 161136]
R4 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [2009-08-28 117640]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-05-25 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-08 691696]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\DRIVERS\TsLwWfF.sys [2009-11-12 22632]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [2010-06-15 27752]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 143184]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 41936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-11-12 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NiProbeMem;NiProbeMem;c:\windows\system32\drivers\NiProbeMem.SYS [2010-10-19 36864]
S2 VMONI;VMONI Protocol Analyzer;c:\windows\system32\DRIVERS\VMONI.sys [2010-10-19 51200]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-08-05 111312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
necusb3 REG_MULTI_SZ necusb
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 07:40]
.
2011-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002Core.job
- c:\users\Valued Customer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-09 06:31]
.
2011-11-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002UA.job
- c:\users\Valued Customer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-09 06:31]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 06:44]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 06:44]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002Core.job
- c:\users\Valued Customer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-12 06:44]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002UA.job
- c:\users\Valued Customer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-12 06:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F51581FD-F85F-42D1-90A8-376360C4347B}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z134&install_date=20110913
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20110913&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-37221415.sys
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
MSConfigStartUp-ClickPotatoLiteSA - c:\program files\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe
MSConfigStartUp-Security Protection - c:\users\Valued Customer\AppData\Roaming\defender.exe
MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSConfigStartUp-Zune Launcher - c:\users\Valued Customer\Desktop\ZuneLauncher.exe
AddRemove-Windows Media Player 11 - For Windows 7 11.0.6001.7000 - c:\program files\Windows Media Player\Uninstall.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
AddRemove-Zune - c:\users\Valued Customer\Desktop\ZuneSetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3518940427-3045449399-784693766-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF0DDD11-D2CA-B328-2AF3-DE5C4727C618}*]
"bbjpkobhammnppljokegadbbjjajaakbbope"=hex:61,62,65,6e,69,68,61,6e,66,6a,62,62,
6c,6f,66,70,6e,6d,68,6a,69,6c,6f,6b,65,66,6f,6e,64,6b,66,6f,6f,6f,00,66
"abjpkobhammnppljokfgbegpkofnedfkcm"=hex:65,62,6a,70,6c,61,63,69,61,6a,67,6f,
6f,6a,6e,62,6f,65,6a,61,6b,6c,6d,6e,6a,68,62,61,69,66,62,64,62,62,65,66,6d,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(140)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\atieclxx.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-11-14 00:29:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-14 05:29
.
Pre-Run: 25,354,985,472 bytes free
Post-Run: 26,034,393,088 bytes free
.
- - End Of File - - E646464F0EE0713AC17813125927988E

#4 gringo_pr

gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 November 2011 - 03:38 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

RegNull::
[HKEY_USERS\S-1-5-21-3518940427-3045449399-784693766-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF0DDD11-D2CA-B328-2AF3-DE5C4727C618}*]


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
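Gringo's reading of the log above is a manual triage: scan the service and driver list for entries that do not belong and decide what to go after. The following is an added example of doing that first pass mechanically. It is my code, not ComboFix's, not a tool the helpers in this thread used, and not part of the original post. It parses the service/driver lines of the "Reg Loading Points" section (`<R|S><start type> <name>;<display name>;<image path> [<date size> | x]`, as the lines above are laid out) and flags entries whose image file ComboFix could not find (`[x]`) or whose image sits in a temp or user-profile folder. The `SUSPECT_DIRS` list is my assumption about where a legitimately installed service image should not live, and `SAMPLE_LOG` is a constructed excerpt of lines copied from the log above so the code runs offline.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One service/driver line as ComboFix prints it in "Reg Loading Points", e.g.
# (both copied from the log above):
#   R3 cpuz126;cpuz126;c:\users\VALUED~1\AppData\Local\Temp\cpuz.sys [x]
#   S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
# Layout: <R|S><start type> <service name>;<display name>;<image path> [<date size> | x]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Assumption: a properly installed service or driver image does not normally
# live in these locations, so anything loading from them deserves a second look.
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\desktop\\")


@dataclass
class ServiceEntry:
    state: str          # R = running, S = stopped (ComboFix's flag letter)
    start: int          # start-type digit as printed after the flag letter
    name: str
    display: str
    path: str
    file_missing: bool  # "[x]" means ComboFix could not find the image file
    size: Optional[int] = None
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; return None for lines that are not service entries."""
    m = SERVICE_RE.match(line.strip())
    if m is None:
        return None
    meta = m.group("meta").strip()
    missing = meta.lower() == "x"
    size = None
    if not missing:
        parts = meta.split()          # "<date> <size>"
        if len(parts) == 2 and parts[1].isdigit():
            size = int(parts[1])
    return ServiceEntry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        file_missing=missing,
        size=size,
    )


def triage(entry: ServiceEntry) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    if entry.file_missing:
        reasons.append("image file missing (orphaned service entry)")
    lowered = entry.path.lower()
    if any(d in lowered for d in SUSPECT_DIRS):
        reasons.append("image path is a temp or user-profile directory")
    return reasons


def triage_log(text: str) -> List[ServiceEntry]:
    """Parse a ComboFix log fragment and return only the entries with findings."""
    flagged = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue                  # headers, registry keys, blank lines
        entry.reasons = triage(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


# Constructed sample: lines copied from the log above, including one clean
# driver line and one clean service line, so the triage can be run offline.
SAMPLE_LOG = r"""
R3 cpuz126;cpuz126;c:\users\VALUED~1\AppData\Local\Temp\cpuz.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 135664]
R3 WinPhlash;WinPhlash;c:\windows\TEMP\WINPHLASH\PHLASHNT.SYS [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\users\Valued Customer\Desktop\WMZuneComm.exe [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name}: {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```

A flagged entry is a lead, not a verdict: tools that unpack a driver to Temp (CPU-Z does this with cpuz.sys) and one-off utilities such as a BIOS flasher commonly leave exactly these orphaned `[x]` entries behind, which is why a helper still reads each hit in context before deciding what to remove.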

#5 itzjusmee

itzjusmee
  • Topic Starter

  • Members
  • 13 posts

Posted 14 November 2011 - 11:39 AM

I ran the custom script/ComboFix as asked and it ran fine, but I'm still experiencing some of the same browser issues that I was having problems with before, only not as frequently as they were. Here is the log.

-----------------------------------------------------------------------------------------------------------------------


ComboFix 11-11-13.03 - Valued Customer 11/14/2011 11:03:46.2.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1847 [GMT -5:00]
Running from: c:\users\Valued Customer\Desktop\ComboFix.exe
Command switches used :: c:\users\Valued Customer\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: ZoneAlarm Pro Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 16:14 . 2011-11-14 16:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-14 16:14 . 2011-11-14 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-14 04:58 . 2011-11-14 16:14 -------- d-----w- c:\users\Valued Customer\AppData\Local\temp
2011-11-12 00:42 . 2011-11-12 00:42 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-11 21:02 . 2011-11-11 21:02 -------- d-----w- c:\program files\ESET
2011-11-11 19:30 . 2011-11-11 19:30 388096 ----a-r- c:\users\Valued Customer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 19:30 . 2011-11-11 19:30 -------- d-----w- c:\program files\Trend Micro
2011-11-11 10:35 . 2011-11-11 10:35 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\SUPERAntiSpyware.com
2011-11-11 10:35 . 2011-11-11 10:35 -------- d-----w- c:\programdata\!SASCORE
2011-11-11 10:35 . 2011-11-12 00:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-11 10:35 . 2011-11-11 10:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-11 09:13 . 2011-11-12 00:51 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-11 07:07 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-11 01:27 . 2011-11-11 01:27 -------- d-----w- C:\$AVG
2011-11-11 00:19 . 2011-11-11 00:19 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\AVG2012
2011-11-11 00:13 . 2011-11-14 16:02 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-11 00:13 . 2011-11-11 00:29 -------- d-----w- c:\programdata\AVG2012
2011-11-11 00:12 . 2011-11-11 00:12 -------- d-----w- c:\program files\AVG
2011-11-11 00:08 . 2011-11-11 00:08 -------- d--h--w- c:\programdata\Common Files
2011-11-11 00:08 . 2011-11-14 16:02 -------- d-----w- c:\programdata\MFAData
2011-11-10 08:13 . 2011-11-10 08:13 -------- d-----w- c:\windows\Sun
2011-11-09 13:24 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:24 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 13:24 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 00:45 . 2011-03-09 23:30 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-11-07 12:26 . 2011-05-16 16:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21 . 2011-10-04 11:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-01 02:35 . 2011-10-14 11:01 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 11:01 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 11:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 07:34 . 2011-08-31 07:34 0 ---ha-w- c:\users\Valued Customer\AppData\Local\BIT821A.tmp
2011-08-27 04:26 . 2011-10-13 14:56 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 14:56 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-19 13:49 . 2011-08-19 13:49 0 ---ha-w- c:\users\Valued Customer\AppData\Local\BITBA32.tmp
2011-08-17 04:24 . 2011-10-13 14:56 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19 . 2011-10-13 14:56 75776 ----a-w- c:\windows\system32\psisrndr.ax
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-14_05.05.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-09-10 07:17 . 2011-11-14 05:02 262144 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2010-09-10 07:17 . 2011-11-14 15:51 262144 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:47 . 2011-11-14 08:13 314708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-11-14 04:34 314708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-12 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^Users^Valued Customer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-09-09 06:31 137536 ----atw- c:\users\Valued Customer\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-07 06:44 135664 ----atw- c:\users\Valued Customer\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2009-01-14 04:33 34088 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-22 05:18 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2010-11-19 18:38 193880 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-12-20 17:03 697856 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2009-09-22 17:42 544768 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 15:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 21:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2010-08-05 12:46 104408 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-28 04:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-07-21 00:46 1545512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 cpuz126;cpuz126;c:\users\VALUED~1\AppData\Local\Temp\cpuz.sys [x]
R3 cpuz134;cpuz134;c:\users\VALUED~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2010-04-01 19560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [2010-04-21 20072]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-10 1343400]
R3 WinPhlash;WinPhlash;c:\windows\TEMP\WINPHLASH\PHLASHNT.SYS [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\users\Valued Customer\Desktop\WMZuneComm.exe [x]
R4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
R4 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R4 fbdpinger;fbdpinger;c:\program files\Toshiba\ToshibaFB\fdbpinger.exe [2008-07-30 161136]
R4 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [2009-08-28 117640]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-05-25 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-08 691696]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\DRIVERS\TsLwWfF.sys [2009-11-12 22632]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [2010-06-15 27752]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 143184]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 41936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-11-12 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NiProbeMem;NiProbeMem;c:\windows\system32\drivers\NiProbeMem.SYS [2010-10-19 36864]
S2 VMONI;VMONI Protocol Analyzer;c:\windows\system32\DRIVERS\VMONI.sys [2010-10-19 51200]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-05-25 15232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-08-05 111312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
necusb3 REG_MULTI_SZ necusb
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 07:40]
.
2011-11-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002Core.job
- c:\users\Valued Customer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-09 06:31]
.
2011-11-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002UA.job
- c:\users\Valued Customer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-09 06:31]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 06:44]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 06:44]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002Core.job
- c:\users\Valued Customer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-12 06:44]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002UA.job
- c:\users\Valued Customer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-12 06:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F51581FD-F85F-42D1-90A8-376360C4347B}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z134&install_date=20110913
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20110913&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-14 11:29:00
ComboFix-quarantined-files.txt 2011-11-14 16:28
ComboFix2.txt 2011-11-14 05:29
.
Pre-Run: 26,253,697,024 bytes free
Post-Run: 26,033,041,408 bytes free
.
- - End Of File - - A801680865F9D39ECCA92D7450471516
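
Added example (mine, not part of this thread and not ComboFix's own code): a short Python triage script that reads the kinds of lines in the ComboFix log above and flags what a responder would check first, namely services or drivers whose image file is missing ("[x]") or sits under a temp, AppData or Desktop path, a service hosted by svchost.exe in a non-stock group (the log shows necusb registered in a group called "necusb3", so the DLL named in its Parameters\ServiceDll value is the next thing to read), and a static NameServer on an interface that differs from the DHCP-assigned resolvers (here the OpenDNS pair, which is fine if the user set it and worth a question if not). The sample input is excerpted from the log above; the user-writable path patterns and the list of stock svchost groups are my assumptions, not anything ComboFix reports. A hit is a lead to inspect by hand, not a verdict.

```python
import re
from typing import List, Tuple

# ComboFix service lines look like "R3 name;display name;image path [YYYY-MM-DD size]",
# or "[x]" when the image file does not exist. ComboFix convention: R = running,
# S = stopped; the digit is the start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$')
DHCP_DNS_RE = re.compile(r'^TCP:\s+DhcpNameServer\s*=\s*(.+)$')
IFACE_DNS_RE = re.compile(r'^TCP:\s+Interfaces\\(\{[0-9A-Fa-f-]+\}):\s+NameServer\s*=\s*(.+)$')
SVCHOST_KEY = r'[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]'

# Assumption: a service or kernel driver has no business loading from these locations.
USER_WRITABLE = ('\\temp\\', '\\desktop\\', '\\appdata\\', '\\downloads\\')
# Assumption: partial list of stock Windows 7 svchost groups; anything else is reported.
STOCK_SVCHOST_GROUPS = {
    'netsvcs', 'localservice', 'localservicenonetwork', 'localservicenetworkrestricted',
    'localsystemnetworkrestricted', 'networkservice', 'networkservicenetworkrestricted',
    'dcomlaunch', 'rpcss', 'secsvcs', 'wcssvc', 'imgsvc', 'localserviceandnoimpersonation',
    'localservicepeernet', 'bthsvcs', 'wersvcgroup', 'defragsvc', 'regsvc', 'swprv',
    'termsvcs', 'gpsvcgroup', 'wbiosvcgroup', 'sdrsvc', 'peerdist', 'axinstsvgroup',
}
# Well-known public resolvers; anything else is reported as unrecognised.
KNOWN_RESOLVERS = {'208.67.222.222': 'OpenDNS', '208.67.220.220': 'OpenDNS',
                   '8.8.8.8': 'Google', '8.8.4.4': 'Google'}

# Constructed sample: lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
R2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 cpuz126;cpuz126;c:\users\VALUED~1\AppData\Local\Temp\cpuz.sys [x]
R3 WinPhlash;WinPhlash;c:\windows\TEMP\WINPHLASH\PHLASHNT.SYS [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\users\Valued Customer\Desktop\WMZuneComm.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
necusb3 REG_MULTI_SZ necusb
.
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F51581FD-F85F-42D1-90A8-376360C4347B}: NameServer = 208.67.222.222,208.67.220.220
"""


def parse_combofix(text: str) -> dict:
    """Collect services, svchost groups and DNS settings from a ComboFix log."""
    parsed = {'services': [], 'svchost_groups': {}, 'dhcp_dns': [], 'iface_dns': {}}
    in_svchost = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':            # '.' lines separate ComboFix sections
            in_svchost = False
            continue
        if line.startswith('['):               # a registry key header
            in_svchost = line.lower() == SVCHOST_KEY
            continue
        if in_svchost:                         # "group REG_MULTI_SZ member ..."
            parts = line.split()
            if len(parts) >= 3 and parts[1] == 'REG_MULTI_SZ':
                parsed['svchost_groups'][parts[0]] = parts[2:]
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, path, info = m.groups()
            parsed['services'].append({'name': name, 'display': display, 'path': path,
                                       'running': state == 'R', 'start_type': int(start),
                                       'missing': info == 'x'})
            continue
        m = DHCP_DNS_RE.match(line)
        if m:
            parsed['dhcp_dns'] = m.group(1).replace(',', ' ').split()
            continue
        m = IFACE_DNS_RE.match(line)
        if m:
            parsed['iface_dns'][m.group(1)] = m.group(2).replace(',', ' ').split()
    return parsed


def triage_services(parsed: dict) -> List[Tuple[str, str]]:
    """Leads, not verdicts: each hit is something to look at by hand."""
    findings = []
    for svc in parsed['services']:
        low = svc['path'].lower()
        if svc['missing']:
            findings.append((svc['name'], 'registered but image file missing'))
        if any(token in low for token in USER_WRITABLE):
            findings.append((svc['name'], f"image in user-writable location: {svc['path']}"))
        if low.endswith('\\svchost.exe'):
            # The real code is the DLL named in the service's Parameters\ServiceDll value;
            # a custom group is the classic way a rogue service rides svchost.
            groups = [g for g, members in parsed['svchost_groups'].items()
                      if svc['name'].lower() in (x.lower() for x in members)]
            odd = [g for g in groups if g.lower() not in STOCK_SVCHOST_GROUPS]
            findings.append((svc['name'], f"hosted by svchost.exe, group(s) {groups or 'unknown'}, "
                                          f"non-stock {odd}; inspect its ServiceDll"))
    return findings


def triage_dns(parsed: dict) -> List[Tuple[str, str]]:
    """Static per-interface resolvers that differ from what DHCP handed out."""
    findings = []
    dhcp = set(parsed['dhcp_dns'])
    for guid, servers in parsed['iface_dns'].items():
        if set(servers) != dhcp:
            labels = ', '.join(KNOWN_RESOLVERS.get(ip, 'unrecognised') for ip in servers)
            findings.append((guid, f"static DNS {servers} ({labels}) overrides DHCP "
                                   f"{sorted(dhcp)}; confirm the user set this"))
    return findings


if __name__ == '__main__':
    data = parse_combofix(SAMPLE_LOG)
    for name, why in triage_services(data) + triage_dns(data):
        print(f'{name}: {why}')
```

Run it against a full ComboFix log by replacing SAMPLE_LOG with the file contents; the section handling relies on ComboFix's "." separator lines, so paste the log unmodified.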

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:41 PM

Posted 14 November 2011 - 01:13 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
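
Added example (mine, not part of this thread and not TDSSKiller's own code): once the TDSSKiller report is on disk, this Python reads its line format (timestamp, PID, then either "name (md5) path" for a hashed file or "name - status ..." for the verdict), lists everything whose status is not "ok", notes objects the scanner registered but found no file for, and compares the recorded MD5s against a reference list you trust, so a replaced system driver stands out even when the scanner itself says "ok". The sample log and the reference hashes are constructed; the "detected" and "Suspicious file" wording is modelled on reports from this TDSSKiller version but is an assumption, and the zero MD5 for volsnap and the wrong ACPI reference hash are planted to exercise each branch.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller log line is "HH:MM:SS.mmmm PID payload"; the payload is either
# "name (md5) path" for a file the scanner hashed, "name - status [detail]" for the
# verdict on that object, or free text (banner, separators, "Suspicious file ..." notes).
LINE_RE = re.compile(r'^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$')
FILE_RE = re.compile(r'^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$')
STATUS_RE = re.compile(r'^(.+?) - (\S+)(?:\s+(.*))?$')

# Constructed sample log; verdict wording modelled on TDSSKiller 2.6 (an assumption).
SAMPLE_LOG = r"""
13:18:41.0688 5524 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
13:18:41.0928 5524 ============================================================
13:18:56.0495 5224 Scan started
13:18:57.0645 5224 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
13:18:57.0645 5224 ACPI - ok
13:19:01.0036 5224 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
13:19:01.0036 5224 atapi - ok
13:19:06.0219 5224 cpuz126 - ok
13:19:30.0001 5224 volsnap (00000000000000000000000000000000) C:\windows\system32\drivers\volsnap.sys
13:19:30.0002 5224 Suspicious file (Forged): C:\windows\system32\drivers\volsnap.sys. Real md5: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, Fake md5: 00000000000000000000000000000000
13:19:30.0003 5224 volsnap - detected LockedFile.Multi.Generic (1)
13:19:31.0000 5224 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
"""

# Constructed reference list, e.g. hashes taken from a known-clean machine of the same
# build. The ACPI value is deliberately wrong so the mismatch path is exercised.
REFERENCE_HASHES = {'atapi': '338c86357871c167a96ab976519bf59e', 'ACPI': 'deadbeef' * 4}


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None
    detail: str = ''


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Entry], List[str]]:
    """Return {object name: Entry} plus any free-text 'Suspicious ...' notes."""
    entries: Dict[str, Entry] = {}
    notes: List[str] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        payload = m.group(3)
        f = FILE_RE.match(payload)
        if f:
            e = entries.setdefault(f.group(1), Entry(f.group(1)))
            e.md5, e.path = f.group(2).lower(), f.group(3)
            continue
        s = STATUS_RE.match(payload)
        if s:
            e = entries.setdefault(s.group(1), Entry(s.group(1)))
            e.status, e.detail = s.group(2), s.group(3) or ''
            continue
        if payload.startswith('Suspicious'):
            notes.append(payload)
    return entries, notes


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Anything not 'ok' is a finding; 'ok' with no hashed file is worth a look too."""
    findings = []
    for e in entries.values():
        if e.status and e.status != 'ok':
            findings.append((e.name, f'{e.status} {e.detail}'.strip()))
        elif e.status == 'ok' and e.path is None and not e.name.startswith('\\'):
            # Registered service/driver whose file the scanner never listed (deleted,
            # or a leftover registration such as the cpuz entries in the ComboFix log).
            findings.append((e.name, 'registered but no file located'))
    return findings


def mismatched(entries: Dict[str, Entry], reference: Dict[str, str]) -> List[str]:
    """Names whose recorded MD5 differs from the reference hash you trust."""
    return sorted(name for name, digest in reference.items()
                  if name in entries and entries[name].md5
                  and entries[name].md5 != digest.lower())


if __name__ == '__main__':
    parsed, suspicious = parse_tdsskiller(SAMPLE_LOG)
    for name, why in triage(parsed):
        print(f'{name}: {why}')
    for note in suspicious:
        print(note)
    print('hash mismatches:', mismatched(parsed, REFERENCE_HASHES))
```

To use it on a real report, read the TDSSKiller.[Version]_[Date]_[Time]_log.txt file from C:\ into SAMPLE_LOG's place; the "registered but no file located" line is informational and will also fire on entries like catchme, which belongs to ComboFix rather than to a driver file.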

#7 itzjusmee

itzjusmee
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:41 PM

Posted 14 November 2011 - 01:21 PM

13:18:41.0688 5524 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
13:18:41.0928 5524 ============================================================
13:18:41.0928 5524 Current date / time: 2011/11/14 13:18:41.0928
13:18:41.0928 5524 SystemInfo:
13:18:41.0928 5524
13:18:41.0928 5524 OS Version: 6.1.7601 ServicePack: 1.0
13:18:41.0928 5524 Product type: Workstation
13:18:41.0928 5524 ComputerName: WIN-8MBDEOE42A7
13:18:41.0958 5524 UserName: Valued Customer
13:18:41.0958 5524 Windows directory: C:\windows
13:18:41.0958 5524 System windows directory: C:\windows
13:18:41.0958 5524 Processor architecture: Intel x86
13:18:41.0958 5524 Number of processors: 1
13:18:41.0958 5524 Page size: 0x1000
13:18:41.0958 5524 Boot type: Normal boot
13:18:41.0958 5524 ============================================================
13:18:43.0548 5524 Initialize success
13:18:56.0495 5224 ============================================================
13:18:56.0495 5224 Scan started
13:18:56.0495 5224 Mode: Manual;
13:18:56.0495 5224 ============================================================
13:18:57.0315 5224 130A608 - ok
13:18:57.0415 5224 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
13:18:57.0435 5224 1394ohci - ok
13:18:57.0645 5224 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
13:18:57.0645 5224 ACPI - ok
13:18:57.0715 5224 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
13:18:57.0725 5224 AcpiPmi - ok
13:18:57.0885 5224 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
13:18:57.0895 5224 adp94xx - ok
13:18:58.0035 5224 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
13:18:58.0035 5224 adpahci - ok
13:18:58.0088 5224 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
13:18:58.0092 5224 adpu320 - ok
13:18:58.0366 5224 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
13:18:58.0372 5224 AFD - ok
13:18:58.0531 5224 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\windows\system32\DRIVERS\AGRSM.sys
13:18:58.0544 5224 AgereSoftModem - ok
13:18:58.0739 5224 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
13:18:58.0742 5224 agp440 - ok
13:18:58.0921 5224 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
13:18:58.0924 5224 aic78xx - ok
13:18:59.0186 5224 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
13:18:59.0186 5224 aliide - ok
13:18:59.0456 5224 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
13:18:59.0456 5224 amdagp - ok
13:18:59.0616 5224 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
13:18:59.0646 5224 amdide - ok
13:18:59.0686 5224 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
13:18:59.0686 5224 AmdK8 - ok
13:18:59.0886 5224 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
13:18:59.0886 5224 AmdPPM - ok
13:18:59.0966 5224 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
13:18:59.0966 5224 amdsata - ok
13:19:00.0136 5224 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
13:19:00.0186 5224 amdsbs - ok
13:19:00.0316 5224 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
13:19:00.0316 5224 amdxata - ok
13:19:00.0506 5224 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
13:19:00.0516 5224 AppID - ok
13:19:00.0696 5224 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
13:19:00.0696 5224 arc - ok
13:19:00.0736 5224 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
13:19:00.0746 5224 arcsas - ok
13:19:00.0966 5224 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
13:19:00.0966 5224 AsyncMac - ok
13:19:01.0036 5224 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
13:19:01.0036 5224 atapi - ok
13:19:01.0396 5224 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\windows\system32\DRIVERS\atikmdag.sys
13:19:01.0496 5224 atikmdag - ok
13:19:01.0656 5224 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\windows\system32\DRIVERS\AtiPcie.sys
13:19:01.0666 5224 AtiPcie - ok
13:19:01.0886 5224 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
13:19:01.0896 5224 AVGIDSDriver - ok
13:19:02.0046 5224 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
13:19:02.0056 5224 AVGIDSEH - ok
13:19:02.0086 5224 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
13:19:02.0086 5224 AVGIDSFilter - ok
13:19:02.0126 5224 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\windows\system32\DRIVERS\AVGIDSShim.Sys
13:19:02.0126 5224 AVGIDSShim - ok
13:19:02.0273 5224 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\windows\system32\DRIVERS\avgldx86.sys
13:19:02.0277 5224 Avgldx86 - ok
13:19:02.0304 5224 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\windows\system32\DRIVERS\avgmfx86.sys
13:19:02.0324 5224 Avgmfx86 - ok
13:19:02.0494 5224 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\windows\system32\DRIVERS\avgrkx86.sys
13:19:02.0496 5224 Avgrkx86 - ok
13:19:02.0559 5224 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\windows\system32\DRIVERS\avgtdix.sys
13:19:02.0598 5224 Avgtdix - ok
13:19:02.0813 5224 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
13:19:02.0840 5224 b06bdrv - ok
13:19:02.0966 5224 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
13:19:02.0970 5224 b57nd60x - ok
13:19:03.0149 5224 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
13:19:03.0149 5224 Beep - ok
13:19:03.0379 5224 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
13:19:03.0379 5224 blbdrive - ok
13:19:03.0619 5224 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
13:19:03.0629 5224 bowser - ok
13:19:03.0689 5224 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
13:19:03.0689 5224 BrFiltLo - ok
13:19:03.0839 5224 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
13:19:03.0849 5224 BrFiltUp - ok
13:19:03.0989 5224 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
13:19:03.0989 5224 Bridge - ok
13:19:04.0009 5224 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
13:19:04.0009 5224 BridgeMP - ok
13:19:04.0079 5224 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
13:19:04.0089 5224 Brserid - ok
13:19:04.0189 5224 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
13:19:04.0189 5224 BrSerWdm - ok
13:19:04.0259 5224 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
13:19:04.0259 5224 BrUsbMdm - ok
13:19:04.0289 5224 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
13:19:04.0289 5224 BrUsbSer - ok
13:19:04.0409 5224 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
13:19:04.0419 5224 BTHMODEM - ok
13:19:04.0589 5224 catchme - ok
13:19:04.0729 5224 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
13:19:04.0729 5224 cdfs - ok
13:19:04.0829 5224 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
13:19:04.0829 5224 cdrom - ok
13:19:05.0049 5224 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
13:19:05.0049 5224 circlass - ok
13:19:05.0229 5224 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
13:19:05.0229 5224 CLFS - ok
13:19:05.0449 5224 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
13:19:05.0449 5224 CmBatt - ok
13:19:05.0519 5224 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
13:19:05.0519 5224 cmdide - ok
13:19:05.0719 5224 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
13:19:05.0719 5224 CNG - ok
13:19:05.0879 5224 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
13:19:05.0879 5224 Compbatt - ok
13:19:06.0049 5224 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
13:19:06.0049 5224 CompositeBus - ok
13:19:06.0219 5224 cpuz126 - ok
13:19:06.0299 5224 cpuz134 - ok
13:19:06.0419 5224 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
13:19:06.0429 5224 crcdisk - ok
13:19:06.0609 5224 CV2K1 (9149ae69296322678ae3ad5d2bfb88bc) C:\windows\system32\DRIVERS\cv2k1.sys
13:19:06.0609 5224 CV2K1 - ok
13:19:06.0769 5224 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
13:19:06.0769 5224 DfsC - ok
13:19:06.0879 5224 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
13:19:06.0879 5224 discache - ok
13:19:06.0939 5224 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
13:19:06.0949 5224 Disk - ok
13:19:06.0999 5224 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
13:19:06.0999 5224 drmkaud - ok
13:19:07.0179 5224 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
13:19:07.0189 5224 DXGKrnl - ok
13:19:07.0419 5224 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
13:19:07.0509 5224 ebdrv - ok
13:19:07.0739 5224 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
13:19:07.0739 5224 elxstor - ok
13:19:07.0889 5224 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
13:19:07.0889 5224 ErrDev - ok
13:19:08.0089 5224 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
13:19:08.0089 5224 exfat - ok
13:19:08.0249 5224 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
13:19:08.0249 5224 fastfat - ok
13:19:08.0329 5224 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
13:19:08.0329 5224 fdc - ok
13:19:08.0449 5224 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
13:19:08.0459 5224 FileInfo - ok
13:19:08.0479 5224 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
13:19:08.0489 5224 Filetrace - ok
13:19:08.0509 5224 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
13:19:08.0509 5224 flpydisk - ok
13:19:08.0559 5224 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
13:19:08.0559 5224 FltMgr - ok
13:19:08.0679 5224 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
13:19:08.0679 5224 FsDepends - ok
13:19:08.0729 5224 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
13:19:08.0729 5224 Fs_Rec - ok
13:19:08.0919 5224 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
13:19:09.0009 5224 fvevol - ok
13:19:09.0079 5224 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
13:19:09.0079 5224 gagp30kx - ok
13:19:09.0299 5224 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
13:19:09.0309 5224 hcw85cir - ok
13:19:09.0509 5224 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
13:19:09.0519 5224 HdAudAddService - ok
13:19:09.0569 5224 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
13:19:09.0579 5224 HDAudBus - ok
13:19:09.0619 5224 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
13:19:09.0619 5224 HidBatt - ok
13:19:09.0759 5224 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
13:19:09.0759 5224 HidBth - ok
13:19:09.0799 5224 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
13:19:09.0809 5224 HidIr - ok
13:19:09.0969 5224 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
13:19:09.0969 5224 HidUsb - ok
13:19:10.0059 5224 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
13:19:10.0059 5224 HpSAMD - ok
13:19:10.0179 5224 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
13:19:10.0189 5224 HTTP - ok
13:19:10.0299 5224 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
13:19:10.0299 5224 hwpolicy - ok
13:19:10.0399 5224 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
13:19:10.0399 5224 i8042prt - ok
13:19:10.0539 5224 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
13:19:10.0539 5224 iaStorV - ok
13:19:10.0609 5224 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
13:19:10.0609 5224 iirsp - ok
13:19:10.0769 5224 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys
13:19:10.0799 5224 IntcAzAudAddService - ok
13:19:10.0939 5224 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
13:19:10.0939 5224 intelide - ok
13:19:11.0009 5224 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
13:19:11.0009 5224 intelppm - ok
13:19:11.0169 5224 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
13:19:11.0179 5224 IPMIDRV - ok
13:19:11.0319 5224 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
13:19:11.0319 5224 IPNAT - ok
13:19:11.0399 5224 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
13:19:11.0399 5224 IRENUM - ok
13:19:11.0539 5224 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
13:19:11.0539 5224 isapnp - ok
13:19:11.0589 5224 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
13:19:11.0589 5224 iScsiPrt - ok
13:19:11.0629 5224 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
13:19:11.0629 5224 kbdclass - ok
13:19:11.0779 5224 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\DRIVERS\kbdhid.sys
13:19:11.0779 5224 kbdhid - ok
13:19:11.0859 5224 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
13:19:11.0859 5224 KSecDD - ok
13:19:11.0989 5224 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
13:19:11.0999 5224 KSecPkg - ok
13:19:12.0239 5224 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
13:19:12.0239 5224 Lavasoft Kernexplorer - ok
13:19:12.0399 5224 Lbd (336abe8721cbc3110f1c6426da633417) C:\windows\system32\DRIVERS\Lbd.sys
13:19:12.0399 5224 Lbd - ok
13:19:12.0639 5224 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
13:19:12.0639 5224 lltdio - ok
13:19:12.0749 5224 LPCFilter (6e3d3816749e107883eec5734ce44493) C:\windows\system32\DRIVERS\LPCFilter.sys
13:19:12.0749 5224 LPCFilter - ok
13:19:12.0899 5224 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
13:19:12.0899 5224 LSI_FC - ok
13:19:12.0939 5224 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
13:19:12.0939 5224 LSI_SAS - ok
13:19:13.0059 5224 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
13:19:13.0059 5224 LSI_SAS2 - ok
13:19:13.0099 5224 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
13:19:13.0109 5224 LSI_SCSI - ok
13:19:13.0279 5224 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
13:19:13.0279 5224 luafv - ok
13:19:13.0449 5224 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\windows\system32\drivers\mbam.sys
13:19:13.0449 5224 MBAMProtector - ok
13:19:13.0559 5224 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
13:19:13.0559 5224 megasas - ok
13:19:13.0709 5224 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
13:19:13.0709 5224 MegaSR - ok
13:19:13.0779 5224 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
13:19:13.0779 5224 Modem - ok
13:19:13.0949 5224 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
13:19:13.0949 5224 monitor - ok
13:19:14.0099 5224 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
13:19:14.0109 5224 mouclass - ok
13:19:14.0199 5224 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
13:19:14.0219 5224 mouhid - ok
13:19:14.0309 5224 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
13:19:14.0309 5224 mountmgr - ok
13:19:14.0429 5224 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
13:19:14.0439 5224 mpio - ok
13:19:14.0559 5224 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
13:19:14.0569 5224 mpsdrv - ok
13:19:14.0649 5224 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
13:19:14.0659 5224 MRxDAV - ok
13:19:14.0809 5224 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
13:19:14.0849 5224 mrxsmb - ok
13:19:15.0009 5224 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
13:19:15.0009 5224 mrxsmb10 - ok
13:19:15.0079 5224 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
13:19:15.0079 5224 mrxsmb20 - ok
13:19:15.0389 5224 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
13:19:15.0389 5224 msahci - ok
13:19:15.0539 5224 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
13:19:15.0549 5224 msdsm - ok
13:19:15.0779 5224 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
13:19:15.0779 5224 Msfs - ok
13:19:15.0829 5224 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
13:19:15.0829 5224 mshidkmdf - ok
13:19:15.0919 5224 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
13:19:15.0919 5224 msisadrv - ok
13:19:16.0049 5224 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
13:19:16.0049 5224 MSKSSRV - ok
13:19:16.0119 5224 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
13:19:16.0119 5224 MSPCLOCK - ok
13:19:16.0259 5224 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
13:19:16.0259 5224 MSPQM - ok
13:19:16.0349 5224 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
13:19:16.0349 5224 MsRPC - ok
13:19:16.0489 5224 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
13:19:16.0489 5224 mssmbios - ok
13:19:16.0539 5224 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
13:19:16.0539 5224 MSTEE - ok
13:19:16.0659 5224 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
13:19:16.0669 5224 MTConfig - ok
13:19:16.0709 5224 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
13:19:16.0719 5224 Mup - ok
13:19:16.0769 5224 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
13:19:16.0769 5224 NativeWifiP - ok
13:19:16.0899 5224 NAVENG - ok
13:19:16.0919 5224 NAVEX15 - ok
13:19:17.0069 5224 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
13:19:17.0079 5224 NDIS - ok
13:19:17.0179 5224 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
13:19:17.0179 5224 NdisCap - ok
13:19:17.0239 5224 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
13:19:17.0239 5224 NdisTapi - ok
13:19:17.0463 5224 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
13:19:17.0465 5224 Ndisuio - ok
13:19:17.0573 5224 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
13:19:17.0578 5224 NdisWan - ok
13:19:17.0748 5224 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
13:19:17.0751 5224 NDProxy - ok
13:19:18.0007 5224 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
13:19:18.0010 5224 NetBIOS - ok
13:19:26.0943 5224 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
13:19:26.0943 5224 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
13:19:26.0943 5224 sptd ( LockedFile.Multi.Generic ) - warning
13:19:26.0943 5224 sptd - detected LockedFile.Multi.Generic (1)
13:19:37.0625 5224 MBR (0x1B8) (e676f472a91b962d085485eec761f651) \Device\Harddisk0\DR0
13:19:37.0675 5224 \Device\Harddisk0\DR0 - ok
13:19:37.0695 5224 Boot (0x1200) (aa6e578b736d60ec4b01fcead4950162) \Device\Harddisk0\DR0\Partition0
13:19:37.0695 5224 \Device\Harddisk0\DR0\Partition0 - ok
13:19:37.0705 5224 ============================================================
13:19:37.0705 5224 Scan finished
13:19:37.0705 5224 ============================================================
13:19:37.0765 4580 Detected object count: 1
13:19:37.0765 4580 Actual detected object count: 1
13:19:49.0038 4580 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:19:49.0038 4580 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 November 2011 - 04:19 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 itzjusmee

itzjusmee
  • Topic Starter

  • Members
  • 13 posts

Posted 14 November 2011 - 04:47 PM

OTL logfile created on: 11/14/2011 4:35:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Valued Customer\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 47.88% Memory free
7.18 Gb Paging File | 5.66 Gb Available in Paging File | 78.76% Paging File free
Paging file location(s): c:\pagefile.sys 4413 4413 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 125.39 Gb Total Space | 24.02 Gb Free Space | 19.15% Space Free | Partition Type: NTFS

Computer Name: WIN-8MBDEOE42A7 | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Valued Customer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\16.0.912.36\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\16.0.912.36\pdf.dll ()
MOD - C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\16.0.912.36\avutil-51.dll ()
MOD - C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\16.0.912.36\avformat-53.dll ()
MOD - C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\16.0.912.36\avcodec-53.dll ()
MOD - C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\16.0.912.36\gcswf32.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ZuneWlanCfgSvc) -- File not found
SRV - (ZuneNetworkSvc) -- File not found
SRV - (WMZuneComm) -- File not found
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (necusb) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (AODService) -- C:\Program Files\AMD\OverDrive\AODAssist.exe ()
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe (Symantec Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (fbdpinger) -- C:\Program Files\TOSHIBA\ToshibaFB\fdbpinger.exe (Toshiba America Information Systems)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Lbd) -- C:\windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (NiProbeMem) -- C:\Windows\System32\drivers\NiProbeMem.SYS (Network Instruments LLC)
DRV - (VMONI) -- C:\Windows\System32\drivers\VMONI.sys (Network Instruments, LLC)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (TsVp) -- C:\Windows\System32\drivers\tsvp.sys (TamoSoft)
DRV - (TsVlb) -- C:\Windows\System32\drivers\tsvlb.sys (TamoSoft)
DRV - (CV2K1) -- C:\Windows\System32\drivers\cv2k1.sys (TamoSoft)
DRV - (TsLwWfF) -- C:\Windows\System32\drivers\TsLwWfF.sys (TamoSoft)
DRV - (SRTSP) -- C:\windows\system32\drivers\NIS\1007000.01E\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\windows\system32\drivers\NIS\1007000.01E\SRTSPX.SYS (Symantec Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (LPCFilter) -- C:\windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTL8187Se) -- C:\Windows\System32\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3518940427-3045449399-784693766-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-3518940427-3045449399-784693766-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z134&install_date=20110913"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js..extensions.enabledItems: {B7680E05-555D-4C5B-9218-EEF0BED9E21E}:1.9.1
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20110913&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Valued Customer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 7.0a2\extensions\\Components: C:\Program Files\Aurora\components [2011/08/22 03:22:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 7.0a2\extensions\\Plugins: C:\Program Files\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/23 16:41:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/12/06 22:30:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/01/03 17:26:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/10 19:14:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/05 05:03:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/05 05:03:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/08/13 00:15:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins [2011/10/07 23:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/01/03 17:26:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B7680E05-555D-4C5B-9218-EEF0BED9E21E}: C:\Users\Valued Customer\AppData\Local\{B7680E05-555D-4C5B-9218-EEF0BED9E21E} [2011/05/25 00:23:31 | 000,000,000 | ---D | M]

[2010/10/15 12:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Extensions
[2010/10/15 12:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2011/11/11 00:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions
[2011/10/04 13:57:30 | 000,000,000 | ---D | M] (ShopToWin15) -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}
[2011/08/13 20:15:54 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/11/11 00:03:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/13 11:51:54 | 000,000,000 | ---D | M] (BFlix Toolbar) -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}
[2011/09/13 11:52:09 | 000,001,945 | ---- | M] () -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\searchplugins\bing-zugo.xml
[2010/10/17 12:37:32 | 000,001,820 | ---- | M] () -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\searchplugins\bing.xml
[2010/09/18 03:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/25 12:37:58 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/07 23:01:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/11/10 19:14:15 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/05/25 00:23:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\VALUED CUSTOMER\APPDATA\LOCAL\{B7680E05-555D-4C5B-9218-EEF0BED9E21E}
[2010/07/17 07:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGACDF&install_date=20110913
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.0.31.200\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\16.0.912.36\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\16.0.912.36\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\16.0.912.36\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll
CHR - plugin: BitDefender QuickScan (Enabled) = C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.99_0\npqscan.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Valued Customer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: AVG Safe Search = C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\
CHR - Extension: BitDefender QuickScan = C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.99_0\
CHR - Extension: Gmail = C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/11/14 00:03:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-3518940427-3045449399-784693766-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3518940427-3045449399-784693766-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3518940427-3045449399-784693766-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1807E4D4-9371-48F0-95BC-D856951216F5}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F51581FD-F85F-42D1-90A8-376360C4347B}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F51581FD-F85F-42D1-90A8-376360C4347B}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3518940427-3045449399-784693766-1002..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3518940427-3045449399-784693766-1002\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 16:34:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Valued Customer\Desktop\OTL.exe
[2011/11/14 11:29:03 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/11/14 11:27:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/13 23:58:12 | 000,000,000 | ---D | C] -- C:\Users\Valued Customer\AppData\Local\temp
[2011/11/13 23:29:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/11/13 23:29:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/11/13 23:29:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/11/13 23:26:18 | 004,292,963 | R--- | C] (Swearware) -- C:\Users\Valued Customer\Desktop\ComboFix.exe
[2011/11/13 23:23:05 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/11/13 23:22:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/11 19:42:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/11/11 19:41:25 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Valued Customer\Desktop\TDSSKiller.exe
[2011/11/11 16:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/11 15:07:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Valued Customer\Desktop\dds.scr
[2011/11/11 14:30:14 | 000,000,000 | ---D | C] -- C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/11 14:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/11 05:35:30 | 000,000,000 | ---D | C] -- C:\Users\Valued Customer\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/11 05:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/11/11 05:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/11 05:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/11 05:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/11 04:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/11/11 02:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/11 02:07:00 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/11/10 20:27:52 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/11/10 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Valued Customer\AppData\Roaming\AVG2012
[2011/11/10 19:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/10 19:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/10 19:13:46 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\AVG
[2011/11/10 19:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/11/10 19:08:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/10 19:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/10 03:13:14 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2011/11/09 08:24:35 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\Users\Valued Customer\AppData\Local\*.tmp files -> C:\Users\Valued Customer\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 16:34:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Valued Customer\Desktop\OTL.exe
[2011/11/14 15:51:00 | 000,000,948 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002UA.job
[2011/11/14 15:44:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/14 14:37:28 | 000,000,968 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002UA.job
[2011/11/14 12:45:58 | 000,253,807 | ---- | M] () -- C:\Users\Valued Customer\Desktop\Epic has added another server!!.jpg
[2011/11/14 12:17:19 | 000,114,406 | ---- | M] () -- C:\Users\Valued Customer\Desktop\Epic Matchmaking servers.jpg
[2011/11/14 11:02:08 | 109,727,428 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2011/11/14 10:59:55 | 000,016,304 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 10:59:55 | 000,016,304 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 10:51:42 | 000,000,384 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/14 10:51:41 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/14 10:50:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/11/14 10:50:49 | 2314,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/14 02:36:01 | 000,000,946 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002Core.job
[2011/11/14 01:44:46 | 000,000,064 | ---- | M] () -- C:\windows\System32\rp_stats.dat
[2011/11/14 01:44:46 | 000,000,044 | ---- | M] () -- C:\windows\System32\rp_rules.dat
[2011/11/14 00:51:01 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002Core.job
[2011/11/14 00:03:51 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/11/13 23:26:20 | 004,292,963 | R--- | M] (Swearware) -- C:\Users\Valued Customer\Desktop\ComboFix.exe
[2011/11/13 12:22:33 | 000,063,260 | ---- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2011/11/11 15:48:16 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Valued Customer\Desktop\TDSSKiller.exe
[2011/11/11 15:07:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Valued Customer\Desktop\dds.scr
[2011/11/11 14:30:14 | 000,003,007 | ---- | M] () -- C:\Users\Valued Customer\Desktop\HiJackThis.lnk
[2011/11/11 05:35:13 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/11 02:08:28 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 19:14:15 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/10 19:09:20 | 000,632,946 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/11/10 19:09:20 | 000,110,548 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/11/10 18:59:30 | 000,000,092 | ---- | M] () -- C:\windows\wininit.ini
[2011/11/10 12:59:01 | 000,100,702 | ---- | M] () -- C:\windows\System32\itusbcore.dat
[2011/11/10 12:59:01 | 000,000,194 | ---- | M] () -- C:\windows\System32\itlsvc.dat
[2011/11/10 11:14:33 | 000,340,904 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/11/07 07:26:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/10/18 12:00:45 | 000,039,392 | ---- | M] () -- C:\windows\System32\energy-report.html
[2011/10/15 17:53:36 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\Users\Valued Customer\AppData\Local\*.tmp files -> C:\Users\Valued Customer\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 12:46:17 | 000,253,807 | ---- | C] () -- C:\Users\Valued Customer\Desktop\Epic has added another server!!.jpg
[2011/11/14 12:17:23 | 000,114,406 | ---- | C] () -- C:\Users\Valued Customer\Desktop\Epic Matchmaking servers.jpg
[2011/11/14 11:02:08 | 109,727,428 | ---- | C] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2011/11/14 10:51:42 | 000,000,384 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/13 23:29:18 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/11/13 23:29:18 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/11/13 23:29:18 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/11/13 23:29:18 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/11/13 23:29:18 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/11/13 12:22:33 | 000,063,260 | ---- | C] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2011/11/11 14:30:14 | 000,003,007 | ---- | C] () -- C:\Users\Valued Customer\Desktop\HiJackThis.lnk
[2011/11/11 05:35:13 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/11 02:08:28 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 19:14:15 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/10 18:59:30 | 000,000,092 | ---- | C] () -- C:\windows\wininit.ini
[2011/11/10 12:59:01 | 000,100,702 | ---- | C] () -- C:\windows\System32\itusbcore.dat
[2011/11/10 12:59:01 | 000,000,194 | ---- | C] () -- C:\windows\System32\itlsvc.dat
[2011/10/15 17:53:36 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/08/31 02:34:00 | 000,000,000 | ---- | C] () -- C:\Users\Valued Customer\AppData\Local\{D5A68F6D-6BD1-4E90-90C7-4863955BF7F2}
[2011/08/19 08:47:47 | 000,000,000 | ---- | C] () -- C:\Users\Valued Customer\AppData\Local\{F7220A39-0A22-47CF-ADB5-0D82CA6F2D99}
[2011/07/27 17:12:27 | 000,005,120 | ---- | C] () -- C:\Users\Valued Customer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/25 15:12:27 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2011/07/25 15:12:26 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011/07/25 15:12:25 | 000,650,752 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2011/07/25 15:12:25 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2011/07/25 15:12:25 | 000,074,752 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2011/06/16 00:46:06 | 000,000,064 | ---- | C] () -- C:\windows\System32\rp_stats.dat
[2011/06/16 00:46:06 | 000,000,044 | ---- | C] () -- C:\windows\System32\rp_rules.dat
[2011/06/13 04:39:06 | 000,016,432 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2011/06/02 01:24:32 | 000,010,948 | -HS- | C] () -- C:\Users\Valued Customer\AppData\Local\tdn31yvi4pks3n0jt8at7srg44qvg2u01w0p7538wq6
[2011/06/02 01:24:32 | 000,010,948 | -HS- | C] () -- C:\ProgramData\tdn31yvi4pks3n0jt8at7srg44qvg2u01w0p7538wq6
[2011/05/26 02:42:41 | 000,000,103 | ---- | C] () -- C:\Users\Valued Customer\AppData\Local\fusioncache.dat
[2011/05/24 19:22:25 | 000,000,344 | ---- | C] () -- C:\ProgramData\32366328
[2011/05/18 14:15:59 | 000,452,096 | ---- | C] () -- C:\windows\System32\nmap.exe
[2011/05/18 14:15:59 | 000,290,816 | ---- | C] () -- C:\windows\System32\nmapserv.exe
[2010/11/29 15:06:23 | 000,007,594 | ---- | C] () -- C:\Users\Valued Customer\AppData\Local\Resmon.ResmonCfg
[2010/10/19 12:31:44 | 000,339,968 | ---- | C] () -- C:\windows\System32\niwsd.exe
[2010/09/18 03:05:56 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/09 17:30:58 | 000,037,336 | ---- | C] () -- C:\windows\System32\CleanMFT32.exe
[2010/09/08 01:47:16 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/09/08 00:17:16 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/09/08 00:01:13 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2010/09/07 23:56:07 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/09/07 23:54:51 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2010/09/07 23:54:51 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010/09/07 23:50:43 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2010/09/07 22:58:46 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/09/07 00:24:27 | 000,000,016 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2010/05/19 07:19:06 | 000,017,408 | ---- | C] () -- C:\windows\System32\NiPdfCreator.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 23:33:53 | 000,340,904 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,632,946 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,110,548 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/04/28 06:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2002/10/23 09:20:32 | 000,006,784 | ---- | C] () -- C:\windows\System32\drivers\DDNT.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:41 PM

Posted 14 November 2011 - 06:31 PM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
    @Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D1B5B4F1    
    FF - prefs.js..extensions.enabledItems: {B7680E05-555D-4C5B-9218-EEF0BED9E21E}:1.9.1
    [2010/10/15 12:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
    [2011/10/04 13:57:30 | 000,000,000 | ---D | M] (ShopToWin15) -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}
    [2011/08/13 20:15:54 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2011/09/13 11:51:54 | 000,000,000 | ---D | M] (BFlix Toolbar) -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}
    [2011/05/25 00:23:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\VALUED CUSTOMER\APPDATA\LOCAL\{B7680E05-555D-4C5B-9218-EEF0BED9E21E}
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click the button shown in the image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 itzjusmee

itzjusmee
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:41 PM

Posted 14 November 2011 - 07:05 PM

Ran the fix as instructed; everything went well, no errors or problems. But I'm still running into the browser errors.

-----------------------------------------------------------------------------------------------------------------------


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\Program Files\Cake Poker:MID deleted successfully.
ADS C:\Program Files\Cake Poker 2.0:MID deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
Prefs.js: {B7680E05-555D-4C5B-9218-EEF0BED9E21E}:1.9.1 removed from extensions.enabledItems
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}\chrome\skin folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}\chrome\content\locale folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}\chrome\content folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}\chrome folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928} folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\defaults\preferences folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\defaults folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\xml folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\components folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\searchbar folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\options folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\debugbar folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data\weather folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data\search folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data\rss folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data\dynamicElements folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\widgets folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\newtab\images folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\newtab folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\modules folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\lib folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome folder moved successfully.
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa} folder moved successfully.
C:\USERS\VALUED CUSTOMER\APPDATA\LOCAL\{B7680E05-555D-4C5B-9218-EEF0BED9E21E}\chrome\content folder moved successfully.
C:\USERS\VALUED CUSTOMER\APPDATA\LOCAL\{B7680E05-555D-4C5B-9218-EEF0BED9E21E}\chrome folder moved successfully.
C:\USERS\VALUED CUSTOMER\APPDATA\LOCAL\{B7680E05-555D-4C5B-9218-EEF0BED9E21E} folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Valued Customer\Desktop\cmd.bat deleted successfully.
C:\Users\Valued Customer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Valued Customer
->Temp folder emptied: 23803491 bytes
->Temporary Internet Files folder emptied: 1705504260 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51830901 bytes
->Google Chrome cache emptied: 272446099 bytes
->Opera cache emptied: 19060485 bytes
->Flash cache emptied: 86267 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,977.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Valued Customer
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Valued Customer
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11142011_184503

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:41 PM

Posted 14 November 2011 - 07:52 PM

Hello


What errors are you getting at this time?

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Extra::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

Edited by gringo_pr, 14 November 2011 - 07:53 PM.


#13 itzjusmee

itzjusmee
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:41 PM

Posted 14 November 2011 - 08:19 PM

Ran the script with ComboFix as instructed; here is the log. The computer seems to be running fine as of right now, but I will keep you posted if anything changes again.

-----------------------------------------------------------------------------------------------------------------------


ComboFix 11-11-13.03 - Valued Customer 11/14/2011 20:00:51.3.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.2105 [GMT -5:00]
Running from: c:\users\Valued Customer\Desktop\ComboFix.exe
Command switches used :: c:\users\Valued Customer\Desktop\cfscript.txt
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: ZoneAlarm Pro Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-15 01:09 . 2011-11-15 01:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-15 01:09 . 2011-11-15 01:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-14 23:45 . 2011-11-14 23:45 -------- d-----w- C:\_OTL
2011-11-14 04:58 . 2011-11-15 01:09 -------- d-----w- c:\users\Valued Customer\AppData\Local\temp
2011-11-12 00:42 . 2011-11-12 00:42 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-11 21:02 . 2011-11-11 21:02 -------- d-----w- c:\program files\ESET
2011-11-11 19:30 . 2011-11-11 19:30 388096 ----a-r- c:\users\Valued Customer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 19:30 . 2011-11-11 19:30 -------- d-----w- c:\program files\Trend Micro
2011-11-11 10:35 . 2011-11-11 10:35 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\SUPERAntiSpyware.com
2011-11-11 10:35 . 2011-11-11 10:35 -------- d-----w- c:\programdata\!SASCORE
2011-11-11 10:35 . 2011-11-12 00:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-11 10:35 . 2011-11-11 10:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-11 09:13 . 2011-11-12 00:51 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-11 07:07 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-11 01:27 . 2011-11-11 01:27 -------- d-----w- C:\$AVG
2011-11-11 00:19 . 2011-11-11 00:19 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\AVG2012
2011-11-11 00:13 . 2011-11-14 16:02 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-11 00:13 . 2011-11-11 00:29 -------- d-----w- c:\programdata\AVG2012
2011-11-11 00:12 . 2011-11-11 00:12 -------- d-----w- c:\program files\AVG
2011-11-11 00:08 . 2011-11-11 00:08 -------- d--h--w- c:\programdata\Common Files
2011-11-11 00:08 . 2011-11-14 17:07 -------- d-----w- c:\programdata\MFAData
2011-11-10 08:13 . 2011-11-10 08:13 -------- d-----w- c:\windows\Sun
2011-11-09 13:24 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:24 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 13:24 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 00:45 . 2011-03-09 23:30 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-11-07 12:26 . 2011-05-16 16:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21 . 2011-10-04 11:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-01 02:35 . 2011-10-14 11:01 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 11:01 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 11:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 07:34 . 2011-08-31 07:34 0 ---ha-w- c:\users\Valued Customer\AppData\Local\BIT821A.tmp
2011-08-27 04:26 . 2011-10-13 14:56 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 14:56 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-19 13:49 . 2011-08-19 13:49 0 ---ha-w- c:\users\Valued Customer\AppData\Local\BITBA32.tmp
2011-08-17 04:24 . 2011-10-13 14:56 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19 . 2011-10-13 14:56 75776 ----a-w- c:\windows\system32\psisrndr.ax
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-14_05.05.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-09-10 07:17 . 2011-11-14 05:02 262144 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2010-09-10 07:17 . 2011-11-14 23:48 262144 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:47 . 2011-11-14 23:46 314708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-11-14 04:34 314708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-10 22:18 . 2011-11-10 22:18 3629056 c:\windows\Installer\cfa86b.msi
+ 2011-01-05 11:48 . 2011-11-14 23:46 33358956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3518940427-3045449399-784693766-1002-8192.dat
- 2011-01-05 11:48 . 2011-11-14 04:34 33358956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3518940427-3045449399-784693766-1002-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-12 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^Users^Valued Customer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-09-09 06:31 137536 ----atw- c:\users\Valued Customer\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-07 06:44 135664 ----atw- c:\users\Valued Customer\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2009-01-14 04:33 34088 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-22 05:18 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2010-11-19 18:38 193880 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-12-20 17:03 697856 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2009-09-22 17:42 544768 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 15:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 21:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2010-08-05 12:46 104408 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-28 04:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-07-21 00:46 1545512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 cpuz126;cpuz126;c:\users\VALUED~1\AppData\Local\Temp\cpuz.sys [x]
R3 cpuz134;cpuz134;c:\users\VALUED~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2010-04-01 19560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-05-25 15232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [2010-04-21 20072]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-10 1343400]
R3 WinPhlash;WinPhlash;c:\windows\TEMP\WINPHLASH\PHLASHNT.SYS [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\users\Valued Customer\Desktop\WMZuneComm.exe [x]
R4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
R4 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R4 fbdpinger;fbdpinger;c:\program files\Toshiba\ToshibaFB\fdbpinger.exe [2008-07-30 161136]
R4 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [2009-08-28 117640]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-05-25 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-08 691696]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\DRIVERS\TsLwWfF.sys [2009-11-12 22632]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [2010-06-15 27752]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 143184]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 41936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-11-12 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NiProbeMem;NiProbeMem;c:\windows\system32\drivers\NiProbeMem.SYS [2010-10-19 36864]
S2 VMONI;VMONI Protocol Analyzer;c:\windows\system32\DRIVERS\VMONI.sys [2010-10-19 51200]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-08-05 111312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
necusb3 REG_MULTI_SZ necusb
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 07:40]
.
2011-11-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002Core.job
- c:\users\Valued Customer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-09 06:31]
.
2011-11-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002UA.job
- c:\users\Valued Customer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-09 06:31]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 06:44]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 06:44]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002Core.job
- c:\users\Valued Customer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-12 06:44]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3518940427-3045449399-784693766-1002UA.job
- c:\users\Valued Customer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-12 06:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F51581FD-F85F-42D1-90A8-376360C4347B}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5vv1xth2.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z134&install_date=20110913
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20110913&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-14 20:13:30
ComboFix-quarantined-files.txt 2011-11-15 01:13
ComboFix2.txt 2011-11-14 16:29
ComboFix3.txt 2011-11-14 05:29
.
Pre-Run: 27,805,782,016 bytes free
Post-Run: 27,480,469,504 bytes free
.
- - End Of File - - DAAA05651B6EFCE0A96F6F8774BDDA5D

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:41 PM

Posted 14 November 2011 - 08:35 PM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.1

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 itzjusmee

itzjusmee
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:41 PM

Posted 14 November 2011 - 09:28 PM

Ran MBAM and came back with no infections here is the log.



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8164

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/14/2011 9:21:08 PM
mbam-log-2011-11-14 (21-21-08).txt

Scan type: Quick scan
Objects scanned: 165830
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------------------------------------------------------------------------------------------------------------
And here is the hijackthis log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:24:10 PM, on 11/14/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\windows\explorer.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts:  ■127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{F51581FD-F85F-42D1-90A8-376360C4347B}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: Zune Windows Mobile Connectivity Service (WMZuneComm) - Unknown owner - C:\Users\Valued Customer\Desktop\WMZuneComm.exe (file missing)
O23 - Service: Zune Network Sharing Service (ZuneNetworkSvc) - Unknown owner - C:\Users\Valued Customer\Desktop\ZuneNss.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Users\Valued Customer\Desktop\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 8174 bytes
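The HijackThis log above is the kind of report a helper reads by eye. As an added example (not code from this thread or from Trend Micro's tool), here is a small Python parser for its finding lines that pulls out the two things worth checking in this thread: registrations marked "(file missing)" and O17 static NameServer entries compared against the DHCP-assigned servers shown in the ComboFix log earlier. The sample log lines are constructed from entries quoted above, and the DHCP server list used in the demo is taken from the ComboFix "DhcpNameServer" line.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 log format, modelled on entries quoted
# in this thread; it is not the poster's full log.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{F51581FD-F85F-42D1-90A8-376360C4347B}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
"""

# Finding lines read "<section> - <body>", e.g. "O23 - Service: ...".
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
FILE_MISSING = "(file missing)"
NAMESERVER_RE = re.compile(r"NameServer = ([\d.,\s]+)$")


@dataclass
class Entry:
    section: str        # HijackThis section code such as O2, O17, O23
    body: str           # the finding with the "(file missing)" marker removed
    file_missing: bool  # HijackThis could not find the referenced file on disk


def parse_hjt(text):
    """Parse the finding lines of a HijackThis log; header/process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        missing = body.endswith(FILE_MISSING)
        if missing:
            body = body[: -len(FILE_MISSING)].rstrip()
        entries.append(Entry(m.group("section"), body, missing))
    return entries


def file_missing_entries(entries):
    """Registrations whose binary is gone (orphaned BHOs, toolbars, services):
    usually leftovers rather than live malware, but exactly what a cleanup removes."""
    return [e for e in entries if e.file_missing]


def o17_nameservers(entries):
    """Static DNS servers written to the TCP/IP interface keys (O17 lines)."""
    servers = []
    for e in entries:
        m = NAMESERVER_RE.search(e.body) if e.section == "O17" else None
        if m:
            servers.extend(s for s in re.split(r"[,\s]+", m.group(1)) if s)
    return servers


def unexpected_nameservers(entries, dhcp_servers):
    """O17 servers that differ from what DHCP handed out. A static override the
    owner did not set is the classic sign of a DNS hijack; one they did set
    (e.g. a public resolver) is benign, so this is a review list, not a fix list."""
    expected = set(dhcp_servers)
    return [s for s in o17_nameservers(entries) if s not in expected]


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for e in file_missing_entries(found):
        print(f"orphaned {e.section}: {e.body}")
    for s in unexpected_nameservers(found, ["209.18.47.61", "209.18.47.62"]):  # DHCP servers from the ComboFix log
        print(f"O17 NameServer not from DHCP, review: {s}")
```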



