Google redirects + pop ups


This topic is locked
19 replies to this topic

#1 Gaby5376
  • Members
  • 10 posts

Posted 19 December 2011 - 11:49 AM

So recently I got that strange Win7 Internet Security virus thing. I followed the instructions from this site and the pop-ups stopped. But everything I type into Google redirects, and occasionally a new window will pop up with like 13 tabs that just say loading. On top of that I have AVG, and at least a few times a day something pops up saying that a threat was protected; I don't know if that's real or not. Last thing, this might be unrelated, but the majority of the space on my computer (it's a 250 GB Toshiba laptop) says it is being used, and before the Win7 thing I think I had only used about half the space. Thanks guys!

Oh, I don't know if you need to know this, but when I was creating and saving the log files, I tried to save them to my desktop, but the icons wouldn't pop up, even though when I searched for them manually I was able to locate them.


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Gabzie at 8:18:33 on 2011-12-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2814.920 [GMT -6:00]

#2 Gaby5376 (Topic Starter)
  • Members
  • 10 posts

Posted 19 December 2011 - 11:54 AM

EDIT: I forgot to attach the GMER logs. Here yah go.

Attached Files

  • ark.txt (40.14KB, 1 downloads)


#3 SweetTech (Agent ST)
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 20 December 2011 - 03:44 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It looks like you're infected with an infection called ZAccess.

Please heed the following warning:


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:


Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:




Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
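Once the user pastes the TDSSKiller report, the lines that matter are the handful the scanner did not mark "ok". The script below is an added example, not code from this thread or from TDSSKiller: it parses the tool's report format into one entry per driver, pulls out the flagged drivers together with the two hashes TDSSKiller prints for a forged file, and reads the report's Mode line to confirm which scan options were on (SigCheck and TDLFS, which I take to correspond to the two checkboxes requested above). The sample report is constructed; its PID and MD5 values are placeholders.

```python
"""Triage a TDSSKiller text report.

Added example for this thread; it is neither the forum's nor Kaspersky's
code. It reads the report TDSSKiller writes to the root of the system
drive (TDSSKiller.[Version]_[Date]_[Time]_log.txt), folds the lines into
one entry per driver and returns the entries that were not marked "ok",
so forged or detected drivers stand out from hundreds of clean ones.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample in TDSSKiller's report format. The PID (6564) and the
# MD5 values are placeholders, not hashes taken from any real machine.
SAMPLE_LOG = r"""
06:59:26.0199 6564 Scan started
06:59:26.0199 6564 Mode: Manual; SigCheck; TDLFS;
06:59:27.0567 6564 1394ohci (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\Windows\system32\DRIVERS\1394ohci.sys
06:59:27.0657 6564 1394ohci - ok
06:59:28.0771 6564 AFD (bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) C:\Windows\system32\drivers\afd.sys
06:59:28.0774 6564 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb, Fake md5: cccccccccccccccccccccccccccccccc
06:59:28.0778 6564 AFD ( ForgedFile.Multi.Generic ) - warning
06:59:28.0778 6564 AFD - detected ForgedFile.Multi.Generic (1)
06:59:28.0961 6564 AgereSoftModem (dddddddddddddddddddddddddddddddd) C:\Windows\system32\DRIVERS\AGRSM.sys
06:59:29.0006 6564 AgereSoftModem - ok
"""

# Every line starts with a timestamp and the id of the scanning thread;
# the other patterns match what follows that prefix.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
ENTRY_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")       # name (md5) path
OK_RE = re.compile(r"^(\S+) - ok$")
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
FORGED_RE = re.compile(
    r"^Suspicious file \((\w+)\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
MODE_RE = re.compile(r"^Mode: (.*)$")


@dataclass
class Entry:
    name: str
    md5: str
    path: str
    status: str = "unknown"          # "ok", "detected", or "unknown" if the scan stopped early
    verdict: Optional[str] = None    # e.g. ForgedFile.Multi.Generic
    real_md5: Optional[str] = None   # the "Real md5" TDSSKiller printed for a forged file
    fake_md5: Optional[str] = None   # the "Fake md5" TDSSKiller printed for a forged file


def parse_report(text: str) -> Dict[str, Entry]:
    """Fold the line-oriented report into one Entry per driver/service."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        rest = m.group(1)
        if (e := ENTRY_RE.match(rest)):
            ent = Entry(name=e.group(1), md5=e.group(2), path=e.group(3))
            entries[ent.name] = ent
            by_path[ent.path.lower()] = ent
        elif (e := OK_RE.match(rest)) and e.group(1) in entries:
            entries[e.group(1)].status = "ok"
        elif (e := DETECTED_RE.match(rest)) and e.group(1) in entries:
            entries[e.group(1)].status = "detected"
            entries[e.group(1)].verdict = e.group(2)
        elif (e := FORGED_RE.match(rest)):
            # Two different hashes for one file mean TDSSKiller got different
            # contents depending on how it read the driver; keep both so the
            # helper can see the mismatch without scrolling the raw report.
            ent = by_path.get(e.group(2).lower())
            if ent is not None:
                ent.real_md5, ent.fake_md5 = e.group(3), e.group(4)
    return entries


def scan_modes(text: str) -> Set[str]:
    """Options recorded on the Mode: line (Manual, SigCheck, TDLFS, ...)."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m and (mm := MODE_RE.match(m.group(1))):
            return {p.strip() for p in mm.group(1).split(";") if p.strip()}
    return set()


def flagged(text: str) -> List[Entry]:
    """Entries the scanner did not mark ok, in report order."""
    return [e for e in parse_report(text).values() if e.status != "ok"]


if __name__ == "__main__":
    print("scan options:", ", ".join(sorted(scan_modes(SAMPLE_LOG))))
    for ent in flagged(SAMPLE_LOG):
        print(f"{ent.status:8} {ent.name:16} {ent.path}")
        if ent.real_md5:
            print(f"         verdict={ent.verdict} real={ent.real_md5} fake={ent.fake_md5}")
```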


#4 Gaby5376 (Topic Starter)
  • Members
  • 10 posts

Posted 20 December 2011 - 02:01 PM

Hey, first I want to say thanks for taking the time to help me out. Hope this helps!



06:59:07.0051 0432 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
06:59:07.0507 0432 ============================================================
06:59:07.0507 0432 Current date / time: 2011/12/20 06:59:07.0507
06:59:07.0507 0432 SystemInfo:
06:59:07.0507 0432
06:59:07.0507 0432 OS Version: 6.1.7600 ServicePack: 0.0
06:59:07.0507 0432 Product type: Workstation
06:59:07.0508 0432 ComputerName: GABZIEROCKS
06:59:07.0508 0432 UserName: Gabzie
06:59:07.0508 0432 Windows directory: C:\Windows
06:59:07.0508 0432 System windows directory: C:\Windows
06:59:07.0508 0432 Processor architecture: Intel x86
06:59:07.0508 0432 Number of processors: 2
06:59:07.0508 0432 Page size: 0x1000
06:59:07.0508 0432 Boot type: Normal boot
06:59:07.0508 0432 ============================================================
06:59:11.0522 0432 Initialize success
06:59:26.0199 6564 ============================================================
06:59:26.0199 6564 Scan started
06:59:26.0199 6564 Mode: Manual; SigCheck; TDLFS;
06:59:43.0402 6564 eeCtrl - ok
06:59:43.0771 6564 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
06:59:43.0796 6564 elxstor - ok
06:59:44.0050 6564 EraserUtilRebootDrv (00bd6fc4a873d3341dcf9aef2d3c841e) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
06:59:44.0072 6564 EraserUtilRebootDrv - ok
06:59:44.0366 6564 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
06:59:44.0401 6564 ErrDev - ok
06:59:44.0793 6564 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
06:59:44.0846 6564 exfat - ok
06:59:45.0115 6564 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
06:59:45.0177 6564 fastfat - ok
06:59:45.0571 6564 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
06:59:45.0589 6564 fdc - ok
06:59:46.0042 6564 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
06:59:46.0064 6564 FileInfo - ok
06:59:46.0381 6564 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
06:59:46.0429 6564 Filetrace - ok
06:59:46.0741 6564 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
06:59:46.0767 6564 flpydisk - ok
06:59:47.0208 6564 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
06:59:47.0286 6564 FltMgr - ok
06:59:47.0774 6564 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
06:59:47.0834 6564 FsDepends - ok
06:59:48.0320 6564 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
06:59:48.0398 6564 Fs_Rec - ok
06:59:48.0706 6564 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
06:59:48.0734 6564 fvevol - ok
06:59:49.0140 6564 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
06:59:49.0254 6564 FwLnk - ok
06:59:49.0667 6564 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
06:59:49.0686 6564 gagp30kx - ok
06:59:50.0067 6564 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:59:50.0081 6564 GEARAspiWDM - ok
06:59:50.0419 6564 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
06:59:50.0448 6564 hcw85cir - ok
06:59:50.0891 6564 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
06:59:50.0921 6564 HDAudBus - ok
06:59:51.0870 6564 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
06:59:51.0938 6564 HidBatt - ok
06:59:52.0937 6564 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
06:59:53.0086 6564 HidBth - ok
06:59:53.0790 6564 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
06:59:53.0828 6564 HidIr - ok
06:59:55.0160 6564 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
06:59:55.0199 6564 HidUsb - ok
06:59:56.0216 6564 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
06:59:56.0241 6564 HpSAMD - ok
06:59:56.0859 6564 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
06:59:56.0950 6564 HTTP - ok
06:59:57.0248 6564 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
06:59:57.0268 6564 hwpolicy - ok
06:59:58.0215 6564 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
06:59:58.0239 6564 i8042prt - ok
06:59:59.0429 6564 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
06:59:59.0457 6564 iaStorV - ok
07:00:00.0415 6564 IDSVix86 (d87cfae5b7e7af5c86cabb537ce16920) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090810.001\IDSvix86.sys
07:00:00.0449 6564 IDSVix86 - ok
07:00:00.0949 6564 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
07:00:00.0972 6564 iirsp - ok
07:00:02.0111 6564 IntcAzAudAddService (3d40dd1831ed82a9ff660949506aad56) C:\Windows\system32\drivers\RTKVHDA.sys
07:00:02.0668 6564 IntcAzAudAddService - ok
07:00:03.0752 6564 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
07:00:03.0795 6564 intelide - ok
07:00:04.0522 6564 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
07:00:04.0569 6564 intelppm - ok
07:00:05.0390 6564 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:00:05.0453 6564 IpFilterDriver - ok
07:00:05.0894 6564 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
07:00:05.0921 6564 IPMIDRV - ok
07:00:06.0662 6564 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
07:00:06.0958 6564 IPNAT - ok
07:00:07.0929 6564 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
07:00:08.0016 6564 IRENUM - ok
07:00:08.0426 6564 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
07:00:08.0450 6564 isapnp - ok
07:00:09.0039 6564 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
07:00:09.0061 6564 iScsiPrt - ok
07:00:10.0188 6564 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:00:10.0204 6564 kbdclass - ok
07:00:10.0915 6564 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
07:00:10.0937 6564 kbdhid - ok
07:00:11.0716 6564 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
07:00:11.0735 6564 KSecDD - ok
07:00:12.0030 6564 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
07:00:12.0049 6564 KSecPkg - ok
07:00:12.0314 6564 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
07:00:12.0382 6564 Lavasoft Kernexplorer - ok
07:00:13.0091 6564 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
07:00:13.0109 6564 Lbd - ok
07:00:13.0693 6564 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
07:00:13.0739 6564 lltdio - ok
07:00:14.0096 6564 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
07:00:14.0112 6564 LMIInfo - ok
07:00:14.0794 6564 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
07:00:14.0819 6564 lmimirr - ok
07:00:15.0629 6564 LMIRfsClientNP - ok
07:00:16.0177 6564 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
07:00:16.0217 6564 LMIRfsDriver - ok
07:00:17.0179 6564 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:00:17.0200 6564 LSI_FC - ok
07:00:17.0854 6564 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:00:17.0872 6564 LSI_SAS - ok
07:00:18.0536 6564 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:00:18.0554 6564 LSI_SAS2 - ok
07:00:19.0122 6564 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:00:19.0140 6564 LSI_SCSI - ok
07:00:19.0665 6564 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
07:00:19.0732 6564 luafv - ok
07:00:20.0396 6564 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
07:00:20.0414 6564 MBAMProtector - ok
07:00:21.0509 6564 MBAMSwissArmy - ok
07:00:22.0226 6564 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
07:00:22.0242 6564 megasas - ok
07:00:23.0534 6564 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
07:00:23.0562 6564 MegaSR - ok
07:00:24.0093 6564 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
07:00:24.0140 6564 Modem - ok
07:00:24.0857 6564 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
07:00:24.0911 6564 monitor - ok
07:00:25.0955 6564 motccgp (f4ea1193a52c8fe4b8a135e210abe546) C:\Windows\system32\DRIVERS\motccgp.sys
07:00:26.0032 6564 motccgp - ok
07:00:26.0623 6564 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
07:00:26.0678 6564 motccgpfl - ok
07:00:27.0945 6564 motmodem (69814acd50a9d6d28296050ef6215d46) C:\Windows\system32\DRIVERS\motmodem.sys
07:00:28.0039 6564 motmodem - ok
07:00:29.0167 6564 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
07:00:29.0202 6564 MotoSwitchService - ok
07:00:29.0879 6564 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\Windows\system32\DRIVERS\Motousbnet.sys
07:00:30.0012 6564 Motousbnet - ok
07:00:30.0739 6564 motusbdevice (f18898d418f43e74a93edc57e1f28bc9) C:\Windows\system32\DRIVERS\motusbdevice.sys
07:00:30.0864 6564 motusbdevice - ok
07:00:31.0570 6564 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
07:00:31.0619 6564 mouclass - ok
07:00:31.0963 6564 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
07:00:32.0046 6564 mouhid - ok
07:00:32.0666 6564 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
07:00:32.0708 6564 mountmgr - ok
07:00:33.0386 6564 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
07:00:33.0405 6564 mpio - ok
07:00:34.0068 6564 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
07:00:34.0108 6564 mpsdrv - ok
07:00:34.0522 6564 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
07:00:34.0549 6564 MRxDAV - ok
07:00:35.0087 6564 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:00:35.0144 6564 mrxsmb - ok
07:00:35.0469 6564 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:00:35.0497 6564 mrxsmb10 - ok
07:00:35.0773 6564 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:00:35.0798 6564 mrxsmb20 - ok
07:00:36.0142 6564 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
07:00:36.0167 6564 msahci - ok
07:00:36.0507 6564 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
07:00:36.0528 6564 msdsm - ok
07:00:36.0939 6564 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
07:00:36.0986 6564 Msfs - ok
07:00:37.0449 6564 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
07:00:37.0495 6564 mshidkmdf - ok
07:00:38.0086 6564 MSHUSBVideo (7a0f9cbdbdb135113b9a3c138e20c85d) C:\Windows\system32\Drivers\nx6000.sys
07:00:38.0100 6564 MSHUSBVideo - ok
07:00:38.0374 6564 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
07:00:38.0389 6564 msisadrv - ok
07:00:38.0727 6564 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
07:00:38.0769 6564 MSKSSRV - ok
07:00:39.0160 6564 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
07:00:39.0200 6564 MSPCLOCK - ok
07:00:39.0579 6564 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
07:00:39.0625 6564 MSPQM - ok
07:00:39.0978 6564 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
07:00:40.0000 6564 MsRPC - ok
07:00:40.0335 6564 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
07:00:40.0351 6564 mssmbios - ok
07:00:40.0608 6564 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
07:00:40.0649 6564 MSTEE - ok
07:00:40.0986 6564 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
07:00:41.0009 6564 MTConfig - ok
07:00:41.0359 6564 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
07:00:41.0377 6564 Mup - ok
07:00:41.0694 6564 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
07:00:41.0724 6564 NativeWifiP - ok
07:00:42.0218 6564 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
07:00:42.0252 6564 NDIS - ok
07:00:43.0465 6564 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
07:00:43.0748 6564 NdisCap - ok
07:00:45.0250 6564 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
07:00:45.0319 6564 NdisTapi - ok
07:00:49.0515 6564 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
07:00:49.0603 6564 Ndisuio - ok
07:00:50.0601 6564 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
07:00:50.0683 6564 NdisWan - ok
07:00:51.0069 6564 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
07:00:51.0134 6564 NDProxy - ok
07:00:51.0500 6564 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
07:00:51.0719 6564 NetBIOS - ok
07:00:52.0072 6564 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
07:00:52.0229 6564 NetBT - ok
07:00:52.0477 6564 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
07:00:52.0494 6564 nfrd960 - ok
07:00:52.0672 6564 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
07:00:52.0791 6564 Npfs - ok
07:00:52.0948 6564 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
07:00:53.0012 6564 nsiproxy - ok
07:00:53.0189 6564 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
07:00:53.0236 6564 Ntfs - ok
07:00:54.0037 6564 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
07:00:54.0289 6564 Null - ok
07:00:54.0907 6564 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
07:00:54.0935 6564 nvraid - ok
07:00:55.0605 6564 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
07:00:55.0626 6564 nvstor - ok
07:00:56.0137 6564 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
07:00:56.0161 6564 nv_agp - ok
07:00:56.0666 6564 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
07:00:57.0506 6564 ohci1394 - ok
07:00:58.0353 6564 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
07:00:58.0494 6564 Parport - ok
07:00:59.0116 6564 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
07:00:59.0136 6564 partmgr - ok
07:00:59.0435 6564 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
07:00:59.0496 6564 Parvdm - ok
07:01:00.0204 6564 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
07:01:00.0234 6564 pci - ok
07:01:00.0533 6564 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
07:01:00.0550 6564 pciide - ok
07:01:00.0863 6564 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
07:01:00.0885 6564 pcmcia - ok
07:01:01.0238 6564 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
07:01:01.0255 6564 pcw - ok
07:01:01.0700 6564 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
07:01:02.0489 6564 PEAUTH - ok
07:01:02.0820 6564 Point32 (858d5d8dbe432b358ca2f9d534169ca1) C:\Windows\system32\DRIVERS\point32k.sys
07:01:02.0839 6564 Point32 - ok
07:01:03.0127 6564 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
07:01:03.0179 6564 PptpMiniport - ok
07:01:03.0853 6564 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
07:01:03.0874 6564 Processor - ok
07:01:04.0692 6564 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
07:01:04.0940 6564 Psched - ok
07:01:05.0503 6564 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
07:01:05.0519 6564 PxHelp20 - ok
07:01:05.0901 6564 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
07:01:05.0950 6564 ql2300 - ok
07:01:06.0213 6564 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
07:01:06.0243 6564 ql40xx - ok
07:01:06.0814 6564 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
07:01:06.0874 6564 QWAVEdrv - ok
07:01:07.0138 6564 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
07:01:07.0226 6564 RasAcd - ok
07:01:07.0481 6564 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:01:07.0522 6564 RasAgileVpn - ok
07:01:07.0812 6564 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:01:07.0892 6564 Rasl2tp - ok
07:01:08.0293 6564 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
07:01:08.0426 6564 RasPppoe - ok
07:01:08.0698 6564 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
07:01:08.0767 6564 RasSstp - ok
07:01:09.0091 6564 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
07:01:09.0150 6564 rdbss - ok
07:01:09.0362 6564 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
07:01:09.0586 6564 rdpbus - ok
07:01:09.0823 6564 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:01:09.0892 6564 RDPCDD - ok
07:01:10.0337 6564 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
07:01:10.0516 6564 RDPDR - ok
07:01:10.0912 6564 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
07:01:11.0016 6564 RDPENCDD - ok
07:01:11.0387 6564 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
07:01:11.0450 6564 RDPREFMP - ok
07:01:12.0003 6564 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
07:01:12.0052 6564 RDPWD - ok
07:01:12.0506 6564 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
07:01:12.0528 6564 rdyboost - ok
07:01:12.0911 6564 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
07:01:12.0957 6564 rspndr - ok
07:01:13.0285 6564 RTL8169 (470253597930e765dd08b30e723c1fa2) C:\Windows\system32\DRIVERS\Rtlh86.sys
07:01:13.0363 6564 RTL8169 - ok
07:01:13.0653 6564 RTL8187Se (68f6a5488432f4c8d73e9a9d405f11d6) C:\Windows\system32\DRIVERS\RTL8187Se.sys
07:01:13.0726 6564 RTL8187Se - ok
07:01:14.0460 6564 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
07:01:14.0503 6564 RtlProt - ok
07:01:14.0773 6564 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
07:01:14.0822 6564 s3cap - ok
07:01:15.0127 6564 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
07:01:15.0147 6564 sbp2port - ok
07:01:15.0640 6564 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
07:01:15.0682 6564 scfilter - ok
07:01:16.0342 6564 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:01:16.0395 6564 secdrv - ok
07:01:16.0821 6564 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
07:01:16.0843 6564 Serenum - ok
07:01:17.0162 6564 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
07:01:17.0217 6564 Serial - ok
07:01:17.0532 6564 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
07:01:17.0645 6564 sermouse - ok
07:01:18.0000 6564 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
07:01:18.0053 6564 sffdisk - ok
07:01:18.0295 6564 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
07:01:18.0327 6564 sffp_mmc - ok
07:01:18.0605 6564 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
07:01:18.0656 6564 sffp_sd - ok
07:01:18.0863 6564 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
07:01:18.0885 6564 sfloppy - ok
07:01:19.0334 6564 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
07:01:19.0352 6564 sisagp - ok
07:01:19.0808 6564 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:01:19.0826 6564 SiSRaid2 - ok
07:01:20.0350 6564 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
07:01:20.0377 6564 SiSRaid4 - ok
07:01:20.0720 6564 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
07:01:20.0801 6564 Smb - ok
07:01:21.0100 6564 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
07:01:21.0118 6564 spldr - ok
07:01:21.0520 6564 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\Windows\system32\drivers\NIS\1007020.00A\SRTSPX.SYS
07:01:21.0537 6564 SRTSPX - ok
07:01:21.0763 6564 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
07:01:21.0847 6564 srv - ok
07:01:22.0069 6564 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
07:01:22.0122 6564 srv2 - ok
07:01:22.0414 6564 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
07:01:22.0468 6564 srvnet - ok
07:01:22.0701 6564 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
07:01:22.0719 6564 stexstor - ok
07:01:23.0030 6564 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
07:01:23.0046 6564 storflt - ok
07:01:23.0335 6564 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
07:01:23.0354 6564 storvsc - ok
07:01:23.0577 6564 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
07:01:23.0596 6564 swenum - ok
07:01:24.0054 6564 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\Windows\system32\drivers\NIS\1007020.00A\SYMEFA.SYS
07:01:24.0080 6564 SymEFA - ok
07:01:24.0457 6564 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
07:01:24.0475 6564 SymEvent - ok
07:01:24.0607 6564 SymIM (34f1c9d5dcc19df1e824d6b73767b8af) C:\Windows\system32\DRIVERS\SymIMv.sys
07:01:24.0629 6564 SymIM - ok
07:01:24.0831 6564 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\Windows\System32\Drivers\NIS\1007020.00A\SYMTDI.SYS
07:01:24.0852 6564 SYMTDI - ok
07:01:25.0037 6564 SynTP (8fe2c9649ffe62143965f8d16b08be28) C:\Windows\system32\DRIVERS\SynTP.sys
07:01:25.0055 6564 SynTP - ok
07:01:25.0243 6564 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
07:01:25.0292 6564 Tcpip - ok
07:01:25.0464 6564 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
07:01:25.0537 6564 TCPIP6 - ok
07:01:25.0686 6564 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
07:01:25.0755 6564 tcpipreg - ok
07:01:25.0891 6564 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
07:01:25.0934 6564 tdcmdpst - ok
07:01:26.0192 6564 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
07:01:26.0260 6564 TDPIPE - ok
07:01:26.0392 6564 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
07:01:26.0460 6564 TDTCP - ok
07:01:26.0621 6564 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
07:01:26.0693 6564 tdx - ok
07:01:26.0842 6564 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
07:01:26.0864 6564 TermDD - ok
07:01:27.0059 6564 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:01:27.0131 6564 tssecsrv - ok
07:01:27.0310 6564 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
07:01:27.0384 6564 tunnel - ok
07:01:27.0529 6564 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
07:01:27.0546 6564 TVALZ - ok
07:01:27.0692 6564 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
07:01:27.0709 6564 uagp35 - ok
07:01:27.0862 6564 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
07:01:27.0946 6564 udfs - ok
07:01:28.0104 6564 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
07:01:28.0121 6564 uliagpkx - ok
07:01:28.0303 6564 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
07:01:28.0358 6564 umbus - ok
07:01:28.0524 6564 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
07:01:28.0580 6564 UmPass - ok
07:01:28.0757 6564 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
07:01:28.0833 6564 USBAAPL - ok
07:01:28.0978 6564 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
07:01:29.0037 6564 usbaudio - ok
07:01:29.0192 6564 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
07:01:29.0248 6564 usbccgp - ok
07:01:29.0401 6564 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
07:01:29.0456 6564 usbcir - ok
07:01:29.0594 6564 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
07:01:29.0648 6564 usbehci - ok
07:01:29.0815 6564 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
07:01:29.0885 6564 usbhub - ok
07:01:30.0296 6564 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
07:01:30.0349 6564 usbohci - ok
07:01:30.0497 6564 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
07:01:30.0555 6564 usbprint - ok
07:01:30.0725 6564 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:01:30.0784 6564 USBSTOR - ok
07:01:30.0963 6564 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
07:01:31.0018 6564 usbuhci - ok
07:01:31.0161 6564 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
07:01:31.0242 6564 usbvideo - ok
07:01:31.0399 6564 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
07:01:31.0419 6564 vdrvroot - ok
07:01:31.0585 6564 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
07:01:31.0646 6564 vga - ok
07:01:31.0790 6564 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
07:01:31.0865 6564 VgaSave - ok
07:01:32.0270 6564 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
07:01:32.0293 6564 vhdmp - ok
07:01:32.0444 6564 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
07:01:32.0461 6564 viaagp - ok
07:01:32.0611 6564 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
07:01:32.0669 6564 ViaC7 - ok
07:01:32.0818 6564 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
07:01:32.0836 6564 viaide - ok
07:01:32.0993 6564 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
07:01:33.0015 6564 vmbus - ok
07:01:33.0172 6564 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
07:01:33.0227 6564 VMBusHID - ok
07:01:33.0386 6564 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
07:01:33.0404 6564 volmgr - ok
07:01:33.0558 6564 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
07:01:33.0579 6564 volmgrx - ok
07:01:33.0740 6564 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
07:01:33.0758 6564 volsnap - ok
07:01:33.0922 6564 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
07:01:33.0940 6564 vsmraid - ok
07:01:34.0089 6564 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
07:01:34.0148 6564 vwifibus - ok
07:01:34.0696 6564 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
07:01:34.0749 6564 WacomPen - ok
07:01:34.0928 6564 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
07:01:35.0001 6564 WANARP - ok
07:01:35.0006 6564 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
07:01:35.0079 6564 Wanarpv6 - ok
07:01:35.0244 6564 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
07:01:35.0259 6564 Wd - ok
07:01:35.0421 6564 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
07:01:35.0445 6564 Wdf01000 - ok
07:01:35.0620 6564 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
07:01:35.0694 6564 WfpLwf - ok
07:01:35.0829 6564 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
07:01:35.0843 6564 WIMMount - ok
07:01:36.0033 6564 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
07:01:36.0094 6564 WinUsb - ok
07:01:36.0276 6564 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
07:01:36.0414 6564 WmiAcpi - ok
07:01:36.0920 6564 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
07:01:36.0990 6564 ws2ifsl - ok
07:01:37.0285 6564 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
07:01:37.0395 6564 WSDPrintDevice - ok
07:01:37.0780 6564 WSDScan (7dc0270cfd4a05b4112e3ebbf083b595) C:\Windows\system32\DRIVERS\WSDScan.sys
07:01:37.0836 6564 WSDScan - ok
07:01:38.0276 6564 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
07:01:38.0348 6564 WudfPf - ok
07:01:38.0521 6564 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:01:38.0595 6564 WUDFRd - ok
07:01:38.0645 6564 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:01:39.0216 6564 \Device\Harddisk0\DR0 - ok
07:01:39.0266 6564 Boot (0x1200) (638eb97305996904fd2e1413515f4788) \Device\Harddisk0\DR0\Partition0
07:01:39.0267 6564 \Device\Harddisk0\DR0\Partition0 - ok
07:01:39.0268 6564 ============================================================
07:01:39.0268 6564 Scan finished
07:01:39.0268 6564 ============================================================
07:01:39.0272 4140 Detected object count: 1
07:01:39.0272 4140 Actual detected object count: 1
07:03:12.0788 4140 AFD ( ForgedFile.Multi.Generic ) - skipped by user
07:03:12.0788 4140 AFD ( ForgedFile.Multi.Generic ) - User select action: Skip
12:28:20.0979 7176 Deinitialize success


OTL logfile created on: 12/20/2011 12:34:31 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gabzie\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 41.85% Memory free
5.49 Gb Paging File | 2.98 Gb Available in Paging File | 54.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.67 Gb Total Space | 40.03 Gb Free Space | 17.98% Space Free | Partition Type: NTFS
Drive D: | 3.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: GABZIEROCKS | User Name: Gabzie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/20 12:32:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gabzie\Downloads\OTL.exe
PRC - [2011/09/19 14:58:26 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/09/10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/09/01 18:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Gabzie\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/08/10 13:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/08 16:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/07/15 22:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/08 12:05:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/06/08 12:04:54 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/05/26 14:28:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/08/09 13:39:26 | 005,181,944 | ---- | M] (Fengtao Software Inc.) -- C:\Program Files\DVDFab 7\DVDFab.exe
PRC - [2010/06/01 09:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 13:11:42 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2009/05/12 23:26:42 | 000,299,008 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/04/14 18:57:38 | 000,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/04/14 18:57:12 | 001,318,912 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/03/28 13:30:44 | 000,263,560 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TANU\TANU.exe
PRC - [2009/03/24 12:34:34 | 001,007,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/03/23 11:50:40 | 000,729,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/03/17 12:49:04 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/10 19:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/06 19:29:16 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/03/06 19:29:04 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 18:10:32 | 000,349,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2009/02/19 15:52:38 | 000,057,344 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
PRC - [2009/02/16 16:50:48 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/01/08 08:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008/12/18 15:34:24 | 000,448,376 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/15 14:07:37 | 006,276,768 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/08 16:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/06/01 09:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/02/01 18:16:04 | 006,187,913 | ---- | M] () -- C:\Program Files\DVDFab 7\avcodec.dll
MOD - [2010/02/01 18:16:04 | 000,748,501 | ---- | M] () -- C:\Program Files\DVDFab 7\avformat.dll
MOD - [2010/02/01 18:16:04 | 000,113,766 | ---- | M] () -- C:\Program Files\DVDFab 7\avutil.dll
MOD - [2010/01/25 11:29:46 | 000,065,536 | ---- | M] () -- C:\Program Files\DVDFab 7\zlibwapi.dll
MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/03/12 20:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2009/03/07 14:15:46 | 007,005,496 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/02/27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2009/01/30 23:11:56 | 000,073,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2006/12/01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/10/10 12:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (XMLProvS)
SRV - [2011/09/19 14:58:26 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/09/02 07:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/10 13:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/06/08 12:05:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/06/08 12:04:54 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/14 11:52:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/08/18 13:11:42 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/04/14 18:57:38 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/03/17 12:49:04 | 000,073,728 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 19:29:16 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/02/19 15:52:38 | 000,057,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/02/16 16:50:48 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/03 17:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/08 12:05:52 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/05/27 18:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/24 20:35:40 | 000,338,944 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/04/04 13:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 13:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/02/07 16:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/01/11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 18:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/12/03 03:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/10/03 18:05:20 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/19 18:41:11 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00A\ccHPx86.sys -- (ccHP)
DRV - [2009/08/18 13:11:43 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1007020.00A\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/18 13:11:43 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00A\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/18 13:11:43 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/18 13:11:43 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1007020.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/18 13:11:17 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 19:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 19:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 19:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 17:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/11 13:34:11 | 000,293,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/05/27 01:59:28 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/05/27 01:59:28 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/05/08 19:14:21 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/04/24 15:29:28 | 000,163,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/03/02 12:57:10 | 000,340,480 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/04/28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007/12/14 12:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/04/23 11:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/20 15:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 78 61 50 01 92 F8 78 4E A4 17 9F B1 B9 AA 61 DF [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 78 61 50 01 92 F8 78 4E A4 17 9F B1 B9 AA 61 DF [binary data]

IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 78 61 50 01 92 F8 78 4E A4 17 9F B1 B9 AA 61 DF [binary data]
IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1410
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/09/14 12:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/14 12:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/26 14:28:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/26 14:28:18 | 000,000,000 | ---D | M]

[2010/12/13 22:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabzie\AppData\Roaming\Mozilla\Extensions
[2010/12/30 01:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabzie\AppData\Roaming\Mozilla\Firefox\Profiles\m7jd90lc.default\extensions
[2010/12/15 14:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/15 14:13:49 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/09/14 12:11:12 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX

O1 HOSTS File: ([2011/12/08 22:26:45 | 000,438,109 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15094 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [dlcqmon.exe] C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe ()
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TANU] C:\Program Files\TOSHIBA\TANU\TANU.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Gabzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Gabzie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55A30E48-C84D-40D1-8AEF-A0B2422CB07C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0953BCA-B4AB-470A-BA92-66328C9D0A90}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Gabzie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gabzie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6d378b18-fecf-11e0-8aa2-001e33c79d78}\Shell - "" = AutoRun
O33 - MountPoints2\{6d378b18-fecf-11e0-8aa2-001e33c79d78}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 05:51:40 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gabzie\Desktop\tdsskiller.exe
[2011/12/19 08:15:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Gabzie\Desktop\dds.scr
[2011/12/19 01:34:24 | 000,000,000 | ---D | C] -- C:\Users\Gabzie\AppData\Roaming\WinAVI
[2011/12/19 01:34:24 | 000,000,000 | ---D | C] -- C:\Users\Gabzie\AppData\Local\WinAVI
[2011/12/19 01:34:12 | 000,000,000 | ---D | C] -- C:\Users\Gabzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI Video Converter
[2011/12/19 01:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\WinAVI
[2011/12/13 18:23:55 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/12/13 13:39:19 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/13 13:39:19 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/13 13:39:19 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/13 13:39:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/13 13:39:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/13 13:39:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/13 13:39:18 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/13 13:39:18 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/13 13:39:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/13 13:39:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/13 13:39:17 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/13 13:39:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/13 13:39:10 | 002,340,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/13 13:39:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/13 13:38:38 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/13 13:38:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/13 13:38:32 | 003,957,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/13 13:38:32 | 003,901,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/09 19:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/09 19:54:10 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Gabzie\Desktop\mbam-setup.exe
[2011/12/08 21:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/08 21:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/08 21:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/21 12:36:11 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLCQhcp.dll

========== Files - Modified Within 30 Days ==========

[2011/12/20 12:35:27 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 12:35:27 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 11:47:20 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/20 11:47:20 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/20 08:21:20 | 140,953,924 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/20 07:19:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 05:53:31 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gabzie\Desktop\tdsskiller.exe
[2011/12/19 20:56:08 | 000,070,883 | ---- | M] () -- C:\Users\Gabzie\Documents\PhotoShare.png
[2011/12/19 20:51:21 | 000,182,323 | ---- | M] () -- C:\Users\Gabzie\Documents\Stuff 2.png
[2011/12/19 18:54:04 | 000,195,711 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/12/19 08:17:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Gabzie\Desktop\dds.scr
[2011/12/18 19:59:10 | 000,098,879 | ---- | M] () -- C:\Users\Gabzie\Desktop\2011-12-11_10-24-50_564.jpg
[2011/12/18 18:13:31 | 2212,888,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/17 07:53:49 | 314,359,125 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/13 21:06:36 | 000,372,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/11 10:22:25 | 000,628,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/11 10:22:25 | 000,108,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/09 19:55:28 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/09 19:54:13 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Gabzie\Desktop\mbam-setup.exe
[2011/12/09 14:44:50 | 001,008,120 | ---- | M] () -- C:\Users\Gabzie\Desktop\rkill.com
[2011/12/09 14:40:38 | 000,001,205 | ---- | M] () -- C:\Users\Gabzie\Desktop\FixNCR.reg
[2011/12/08 23:05:46 | 000,000,000 | -HS- | M] () -- C:\Users\Gabzie\AppData\Local\126130x4d750f512s108o7glk0c5
[2011/12/08 23:05:46 | 000,000,000 | -HS- | M] () -- C:\ProgramData\126130x4d750f512s108o7glk0c5
[2011/12/08 23:05:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/08 23:05:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/08 22:37:59 | 000,000,292 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/08 22:26:45 | 000,438,109 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/08 22:11:21 | 000,438,109 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111208-222645.backup
[2011/12/08 21:53:05 | 000,001,255 | ---- | M] () -- C:\Users\Gabzie\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/08 21:53:05 | 000,001,231 | ---- | M] () -- C:\Users\Gabzie\Desktop\Spybot - Search & Destroy.lnk
[2011/12/05 10:36:57 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/11/23 22:23:31 | 002,340,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files Created - No Company Name ==========

[2011/12/19 20:56:00 | 000,070,883 | ---- | C] () -- C:\Users\Gabzie\Documents\PhotoShare.png
[2011/12/19 20:51:21 | 000,182,323 | ---- | C] () -- C:\Users\Gabzie\Documents\Stuff 2.png
[2011/12/18 19:59:09 | 000,098,879 | ---- | C] () -- C:\Users\Gabzie\Desktop\2011-12-11_10-24-50_564.jpg
[2011/12/17 07:53:49 | 314,359,125 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/09 14:44:50 | 001,008,120 | ---- | C] () -- C:\Users\Gabzie\Desktop\rkill.com
[2011/12/09 14:40:34 | 000,001,205 | ---- | C] () -- C:\Users\Gabzie\Desktop\FixNCR.reg
[2011/12/08 23:05:46 | 000,000,000 | -HS- | C] () -- C:\Users\Gabzie\AppData\Local\126130x4d750f512s108o7glk0c5
[2011/12/08 23:05:46 | 000,000,000 | -HS- | C] () -- C:\ProgramData\126130x4d750f512s108o7glk0c5
[2011/12/08 23:05:45 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/08 23:05:45 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/08 22:37:59 | 000,000,292 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/08 21:55:44 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/12/08 21:53:05 | 000,001,255 | ---- | C] () -- C:\Users\Gabzie\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/08 21:53:05 | 000,001,231 | ---- | C] () -- C:\Users\Gabzie\Desktop\Spybot - Search & Destroy.lnk
[2011/06/18 12:38:17 | 000,001,240 | -HS- | C] () -- C:\Users\Gabzie\AppData\Local\62074q4e3ln8117s8j
[2011/06/18 12:38:17 | 000,001,240 | -HS- | C] () -- C:\ProgramData\62074q4e3ln8117s8j
[2011/06/16 07:33:46 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2011/06/14 15:46:41 | 000,001,496 | -HS- | C] () -- C:\Users\Gabzie\AppData\Local\5v2622g0y4yi4d3y2re0yqo425p8738364r4f5n384gliy7
[2011/06/14 15:46:41 | 000,001,496 | -HS- | C] () -- C:\ProgramData\5v2622g0y4yi4d3y2re0yqo425p8738364r4f5n384gliy7
[2011/05/12 14:11:43 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/12 14:11:43 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/12/15 14:15:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/13 23:05:40 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/12/13 22:33:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/09 00:26:48 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/10/09 00:26:48 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/09/15 09:14:05 | 000,000,953 | ---- | C] () -- C:\Program Files\Yahoo! Messenger.lnk
[2010/08/18 14:53:22 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/08/18 14:53:22 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7340.DAT
[2010/07/24 12:02:33 | 000,024,566 | ---- | C] () -- C:\Users\Gabzie\AppData\Roaming\UserTile.png
[2010/01/21 12:36:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2010/01/21 12:36:57 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2010/01/21 12:36:11 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLCQinst.dll
[2009/07/28 00:50:46 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/07/28 00:50:10 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,372,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,628,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,108,466 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 19:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/27 02:23:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/05/27 01:57:05 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2009/05/27 01:52:01 | 000,000,916 | ---- | C] () -- C:\Windows\System32\tosmreg.dat
[2009/05/27 00:58:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/05/27 00:53:20 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/05/03 22:04:45 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/05/03 22:04:45 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/05/03 22:04:45 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/05/03 22:04:45 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/05/03 22:04:45 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/05/03 22:04:45 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

< End of report >

OTL Extras logfile created on: 12/20/2011 12:34:31 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gabzie\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 41.85% Memory free
5.49 Gb Paging File | 2.98 Gb Available in Paging File | 54.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.67 Gb Total Space | 40.03 Gb Free Space | 17.98% Space Free | Partition Type: NTFS
Drive D: | 3.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: GABZIEROCKS | User Name: Gabzie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{0C1A6FCA-0775-D2EB-526A-DC9653758959}" = Catalyst Control Center Graphics Full Existing
"{0C8BB75A-0866-4F05-91CF-EF6C250E0D67}" = AVG 2011
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{11208491-289A-4906-6BCF-2395B82AE50D}" = CCC Help Turkish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1AD559D4-9DBC-0CF5-2360-7DA195CC36B9}" = CCC Help Korean
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{277021F7-387E-8508-6D81-D2F3AB37D010}" = CCC Help Czech
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A6B75A2-A3C4-8EAF-1954-9B4CBEA35513}" = Skins
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B7B87E3-90D5-4086-B921-31C24DF20166}" = AVG 2011
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{32760231-5911-2B7E-45FC-EB5F3C0C40E2}" = CCC Help Danish
"{364BF1A4-721C-E739-F66A-3A38CE4FACA3}" = CCC Help French
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3A2CAA46-4933-6F74-A190-56513A696137}" = Catalyst Control Center InstallProxy
"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0DC563-4C99-4AB1-8C22-514940666938}" = Catalyst Control Center - Branding
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A5F47C5-3F92-A1C4-DC7A-244882D97194}" = CCC Help Japanese
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51AB6E77-4B57-7CB6-F2C7-AB87FDAC2EC3}" = CCC Help English
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E0D2CC-5693-D69B-C732-C956845A3F88}" = CCC Help Spanish
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5ED0BEE0-AC0C-F478-728F-9FBFADCEF8DB}" = CCC Help Chinese Traditional
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{619C8F04-BEB8-BD0F-4CC0-ABF922BE1E64}" = CCC Help German
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{70C335DB-BAE8-E513-A8E4-57351139C1AA}" = CCC Help Greek
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{727DAFCB-E3AF-46E3-8A38-EB9C3EAA0A88}" = AVG 2011
"{75B053D0-709C-8BC3-ADA3-923C3524062F}" = CCC Help Finnish
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7D543DFE-6459-462A-9A62-B5B012B1DCF1}" = AVG 2011
"{803259ED-7A67-4CB5-B6D7-281ED371091B}" = LogMeIn
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{878D8350-B789-ED78-2F7D-86A3A98E4FAB}" = CCC Help Hungarian
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9267E76A-77DC-D8E2-DDD6-7855487A1C4E}" = CCC Help Chinese Standard
"{9282C06B-7B63-37D7-D6FB-E8BBAAA81973}" = CCC Help Portuguese
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3317F2-518F-D18A-2E94-97B781DCE713}" = CCC Help Norwegian
"{A0D76D9F-8957-E8D5-A44F-3AEDE09E64D1}" = CCC Help Italian
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A98DDB09-6CC0-5EF4-AD51-7C4516E5DB61}" = ccc-utility
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime
"{B1FCFBC0-4169-E767-1F7E-F5A60E2EDBC1}" = Catalyst Control Center Graphics Previews Vista
"{B3B2C253-0AAA-075A-3BFE-63B23DB0826D}" = Catalyst Control Center Core Implementation
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{BE43988B-0BDC-4B15-D88F-CD01398CD8E7}" = Catalyst Control Center Graphics Light
"{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}" = Skype Launcher
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C6ADD182-21AA-14BE-7CB9-5AEF364F5406}" = Catalyst Control Center Localization All
"{C9622E7C-94E3-7828-F3F9-21076B7F770B}" = CCC Help Swedish
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D4AFD09A-1255-4E6D-4AD9-B076B97559D3}" = CCC Help Thai
"{DB90FF25-9932-48F2-B643-1802F1864FAF}" = AVG 2011
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DC53C564-A09A-DA0D-AA61-630AAF188857}" = CCC Help Polish
"{DD8D1F1D-7FA5-A563-143C-3860FD9537F0}" = Catalyst Control Center Graphics Full New
"{DDBECC63-7E39-076D-F638-4DF15EB20298}" = CCC Help Dutch
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09863DF-93B4-5A14-0DA6-1BA841CFFB85}" = ccc-core-static
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{E7C92C22-436B-46C4-AAF2-80C4C569A55F}" = AVG 2011
"{E8620372-B4D4-92C1-BD12-DBE2FF0F58C2}" = CCC Help Russian
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 966" = Dell Photo AIO Printer 966
"DVDFab 7_is1" = DVDFab 7.0.9.3 (08/08/2010)
"FrostWire" = FrostWire 4.18.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
"NIS" = Norton Internet Security
"Picasa 3" = Picasa 3
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.1.5
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinAVI Video Converter" = WinAVI Video Converter
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 21 December 2011 - 02:54 AM

Hi Gaby5376!

You're welcome!

Did you happen to set this proxy in Internet Explorer?

IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*


We need to first disable TeaTimer as it's going to interfere with our fixes.

Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 Gaby5376

Gaby5376
  • Topic Starter

  • Members
  • 10 posts

Posted 21 December 2011 - 10:29 AM

I did the first part with SpyBot, but I can't get ComboFix to save to my desktop. It gave me an error message the first time that said files could not be changed and you cannot save to this location. This happens with everything I try to put on my desktop. I tried again and after that it just says download failed. Can I save it somewhere else?

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 22 December 2011 - 10:41 AM

Okay.

Can you try saving it to your root directory (C:\ drive)??



#8 Gaby5376

Gaby5376
  • Topic Starter

  • Members
  • 10 posts

Posted 23 December 2011 - 10:30 AM

I'm trying to run ComboFix but I can't figure out how to disable Lavasoft Ad-Watch Live and Lavasoft Ad-Watch Live Antivirus. There is no icon that shows up in my system tray. Help!

#9 Gaby5376

Gaby5376
  • Topic Starter

  • Members
  • 10 posts

Posted 27 December 2011 - 11:22 PM

I actually ran ComboFix twice; the first time I closed the window before the log was generated. SweetTech, I appreciate all the help. Let me know if you spot anything additional, but Google isn't redirecting anymore. Yay!

ComboFix 11-12-27.01 - Gabzie 12/27/2011 21:47:42.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2814.1822 [GMT -6:00]
Running from: c:\users\Gabzie\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
---- Previous Run -------
.
c:\programdata\126130x4d750f512s108o7glk0c5
c:\users\Gabzie\AppData\Roaming\Microsoft\Windows\Templates\126130x4d750f512s108o7glk0c5
c:\windows\$NtUninstallKB22983$\1100914659
c:\windows\$NtUninstallKB22983$\3438908734\@
c:\windows\$NtUninstallKB22983$\3438908734\bckfg.tmp
c:\windows\$NtUninstallKB22983$\3438908734\cfg.ini
c:\windows\$NtUninstallKB22983$\3438908734\Desktop.ini
c:\windows\$NtUninstallKB22983$\3438908734\keywords
c:\windows\$NtUninstallKB22983$\3438908734\kwrd.dll
c:\windows\$NtUninstallKB22983$\3438908734\L\nzekixwm
c:\windows\$NtUninstallKB22983$\3438908734\lsflt7.ver
c:\windows\$NtUninstallKB22983$\3438908734\U\00000001.@
c:\windows\$NtUninstallKB22983$\3438908734\U\00000002.@
c:\windows\$NtUninstallKB22983$\3438908734\U\00000004.@
c:\windows\$NtUninstallKB22983$\3438908734\U\80000000.@
c:\windows\$NtUninstallKB22983$\3438908734\U\80000004.@
c:\windows\$NtUninstallKB22983$\3438908734\U\80000032.@
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
.
.
2011-12-28 04:00 . 2011-12-28 04:06 -------- d-----w- c:\users\Gabzie\AppData\Local\temp
2011-12-28 04:00 . 2011-12-28 04:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-23 05:02 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-23 04:16 . 2011-12-23 04:16 -------- d-----w- c:\users\Gabzie\AppData\Roaming\AVG2012
2011-12-23 04:16 . 2011-12-23 04:36 -------- d-----w- c:\programdata\AVG2012
2011-12-19 07:34 . 2011-12-19 07:34 -------- d-----w- c:\users\Gabzie\AppData\Roaming\WinAVI
2011-12-19 07:34 . 2011-12-19 07:34 -------- d-----w- c:\users\Gabzie\AppData\Local\WinAVI
2011-12-19 07:34 . 2011-12-19 07:34 -------- d-----w- c:\program files\WinAVI
2011-12-14 00:23 . 2011-12-14 00:23 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-12-13 19:38 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 19:38 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 19:38 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-13 19:38 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-10 01:55 . 2011-12-10 01:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-09 03:52 . 2011-12-09 05:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-09 03:52 . 2011-12-09 04:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 18:44 . 2011-01-05 06:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-26 00:13 . 2011-11-26 00:13 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-15 20:07 . 2011-11-15 20:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 20:02 . 2011-02-21 03:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-09-29 15:43 . 2011-11-09 04:34 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gabzie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gabzie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gabzie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-13 6965792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"dlcqmon.exe"="c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe" [2007-01-12 292336]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-13 299008]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-12-18 448376]
"TANU"="c:\program files\TOSHIBA\TANU\TANU.exe" [2009-03-28 263560]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-15 1318912]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1007616]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=&inst=NzctNTIzMjg2MjA2LUYxME0xMEQrMi1GTDEwKzEtTElDKzgtU1AxKzEtU1AxVEIrMS1TVVArMi1TUDFTMisxLUREVCsyNTQwLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMQ&prod=0&ver=10.0.1416" [?]
.
c:\users\Gabzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gabzie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-12-12 08:22 312200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2011-01-12 00:04 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-12-12 08:22 304008 ----a-w- c:\program files\Dell Photo AIO Printer 966\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-03-13 01:11 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-05-27 101936]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-02-07 11008]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-14 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-06-08 374152]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00A\SYMEFA.SYS [2009-08-18 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1007020.00A\BHDrvx86.sys [2009-08-18 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1007020.00A\ccHPx86.sys [2009-08-20 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090810.001\IDSvix86.sys [2009-07-11 293424]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2011-09-19 87368]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-01-12 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe [2009-08-18 117640]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-02-19 57344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 176128]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 73728]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Gabzie\AppData\Roaming\Mozilla\Firefox\Profiles\m7jd90lc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
MSConfigStartUp--401224575 - c:\users\Gabzie\AppData\Local\Temp\thpm7136295296377959427.tmp
AddRemove-AVG - c:\program files\AVG\AVG2012\avgmfapx.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1943577299-1749160357-1101987479-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
"{0C355971-3142-40AA-9D0B-CE2B797C4528}"=""
"{35F7FE9E-415B-4FC1-BD6E-E7C2CAF0742D}"=""
"{1BD41BC6-780C-41FC-A2F0-46B2BB5AEDB2}"=""
"{C5E1EED4-8828-47CC-BBA0-0506ADACCEF8}"=""
"{9CF9C70A-CA75-42DD-9C1D-977B72EFE7BC}"=""
"{8E03AEDF-0697-40E3-AB60-D1FC19B4570A}"=""
"{A4DF72F8-9574-4811-B217-5F465B68AF52}"=""
"{7398681D-458D-4E11-9C97-E9A3897E337C}"=""
"{0168E31D-4057-4C1D-8BEE-BA394F1EA4B8}"=""
"{C2CDC14A-4043-4F0B-B195-E3C31312E779}"=""
"{A27AE48F-5146-412B-9488-1DF427CD1757}"=""
"{1D4651A5-06C0-4A7B-A95E-0CD15700B7D8}"=""
"{1769DE86-6268-49A4-AB8A-A35CFAAC8CE2}"=""
"{EEC4E96A-CB5C-411D-88DE-73C1F7851BA4}"=""
"{BB335A37-5759-4624-98CB-B687A3158FF9}"=""
"{C9B6BAA6-47D4-4209-84EA-9E610E497190}"=""
"{7C0BC099-2392-47AF-9AD9-77D60155D1A0}"=""
"{676D6B53-7590-4DFE-8DFA-3A0D003399B1}"=""
"{957E241F-1551-497C-B962-91963FA31276}"=""
"{079DB3E8-B134-4C79-B067-3E52B2705F3C}"=""
"{80587C87-5CB1-464B-BF7C-9FB344F25B88}"=""
"{84745536-500F-42CF-84B8-2D34C6FD91D6}"=""
"{E3DF142D-C821-4EE0-B313-B4E3D0602A2D}"=""
"{2B411D94-6A88-4B22-A420-08D153AA6297}"=""
"{7929C675-95C5-4875-B082-9075C4AEEC2B}"=""
"{20153831-3D4D-4B8E-8647-DD1042C36226}"=""
"{3ABA4CBE-ABB3-4CB0-8D8B-12FCAD512FBE}"=""
"{08555C00-E77C-437C-AF2D-89747CF342F1}"=""
"{DBC56B85-B58D-4C30-A958-211D423B8F69}"=""
"{B7EEC355-9F03-4E5E-B5E0-F09971ACC0A5}"=""
"{762DA896-F84C-495F-9973-1EA051D4214F}"=""
"{D51D91C6-6EA4-4DC4-887C-9B497F4664F6}"=""
"{7F907D6D-6F77-41D4-A6FD-2DFF63491843}"=""
"{6A4813E5-CCEC-4C5B-9FCD-5B5CA2FC3B2F}"=""
"{137978F5-B537-4C08-B353-B1F26565E958}"=""
"{7ADF85E9-42C8-43D3-BFE2-FDC39F207472}"=""
"{C5294B4C-357B-4BC8-9ADB-A3742D7DA76B}"=""
"{B5D329B8-8E41-4F7D-9C12-0C737B87FCA8}"=""
"{D257D178-908D-4FA7-AE59-890CC80223BB}"=""
"{BE91AB6C-4CB5-4132-82B9-EBD35D60213D}"=""
"{7A71945C-7BAF-4693-A9FB-2E4604A97773}"=""
"{9B295BE8-3D1B-4AF8-855F-A20889DC6E62}"=""
"{C5C24F85-9C3E-440F-B5F9-9C778A295906}"=""
"{DEA876FF-A96C-4A1C-B660-63F4E35D7208}"=""
"{2EE903F2-7493-44FC-9B4C-3E11D883BAE1}"=""
"{54064551-4B65-41D7-82ED-AFF2AA42539A}"=""
"{59C2DA9A-4BD7-4A5D-B036-6A34A90A3AAD}"=""
"{60B3BFE3-2A0E-424B-B44D-A48DA284F036}"=""
"{B12D2270-AE4B-412B-925A-340E29E8E648}"=""
"{2626A6EF-751A-444A-8D15-792A9AF73D34}"=""
"{3E5B557D-9D1B-4AD1-A354-13BAF225492D}"=""
"{47F8D8BC-A2A4-42CE-9613-16ED0DD89F52}"=""
"{CEA0459E-43AF-4951-BD18-7B0A978FEDEC}"=""
"{E34A7C31-42EF-46D5-B922-141F6BFC5A6B}"=""
"{41F8A10A-4BB5-404C-AF22-A36D27E7EE59}"=""
"{AC2BC11D-96F0-444E-8C83-D0AEE38C1B8B}"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(876)
c:\users\Gabzie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskmgr.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2011-12-27 22:12:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-28 04:12
.
Pre-Run: 49,836,335,104 bytes free
Post-Run: 49,670,184,960 bytes free
.
- - End Of File - - D454C825B9E58EDE1721111BAAE66AA5
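The ComboFix log above carries three things an analyst reads first: the "Files Created" entries with their attribute column (including a hidden directory literally named `%APPDATA%` under system32), a network driver written into system32\drivers during the window, and the "Infected copy of ... userinit.exe" / "Restored copy from" pair. As an added example (not part of this thread, ComboFix, or any tool named here), the Python script below parses those line formats and flags the entries worth a manual check. The sample log text embedded in it is constructed from the entries shown above (the restore-source directory is shortened to a placeholder), and the three heuristics are this example's own, not ComboFix's rules.

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix code).

Parses "Files Created" / "Find3M" entry lines and the
"Infected copy ... / Restored copy from ..." pair, then applies three
defender heuristics to pick out entries that deserve a closer look.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Entry line format: "<created> . <modified> <size or dashes> <attrs> <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+|-+)\s+([a-z-]{8})\s+(.+)$"
)
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (.+)$")

SYSTEM32 = "c:\\windows\\system32"


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (ComboFix prints dashes)
    attrs: str            # e.g. "----a-w-" or "d-sh--w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_hidden_or_system(self) -> bool:
        # Interpretation of the attribute column: 'h' = hidden, 's' = system.
        return "h" in self.attrs or "s" in self.attrs


def parse_entries(log: str) -> List[Entry]:
    """Extract every file/directory entry line from ComboFix-style log text."""
    entries: List[Entry] = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(created, modified,
                             None if size.startswith("-") else int(size),
                             attrs, path.strip()))
    return entries


def suspicious_entries(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for entries worth a manual check (heuristics, not verdicts)."""
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        p = e.path.lower()
        name = p.rsplit("\\", 1)[-1]
        if p.startswith(SYSTEM32) and e.is_hidden_or_system:
            findings.append((e, "hidden/system object created inside system32"))
        if "%" in name:
            findings.append((e, "unexpanded environment-variable text used as a name"))
        if "\\drivers\\" in p and not e.is_dir:
            findings.append((e, "kernel driver written in the window; verify hash/signature"))
    return findings


def disinfected_files(log: str) -> List[Tuple[str, Optional[str]]]:
    """Pair each 'Infected copy of X' line with the 'Restored copy from' line after it."""
    results: List[Tuple[str, Optional[str]]] = []
    pending: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            if pending is not None:          # previous infection had no restore line
                results.append((pending, None))
            pending = m.group(1)
            continue
        m = RESTORED_RE.match(line)
        if m and pending is not None:
            results.append((pending, m.group(1)))
            pending = None
    if pending is not None:
        results.append((pending, None))
    return results


# Constructed sample, trimmed from the posted log; CLEAN-SOURCE is a placeholder directory.
SAMPLE_LOG = r"""
2011-12-23 05:02 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-14 00:23 . 2011-12-14 00:23 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-12-13 19:38 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-10 01:55 . 2011-12-10 01:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\CLEAN-SOURCE\userinit.exe
"""

if __name__ == "__main__":
    for entry, why in suspicious_entries(parse_entries(SAMPLE_LOG)):
        print(f"[check]    {entry.path}  ({why})")
    for infected, source in disinfected_files(SAMPLE_LOG):
        print(f"[repaired] {infected} <- {source}")
```

The flags are prompts, not verdicts: the same log shows ntoskrnl.exe and csrsrv.dll rewritten on 2011-12-13 by a routine update, so a flagged driver is only confirmed bad by comparing its hash against a known-good copy, which is what the later ESET result for afd.sys effectively did.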

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 28 December 2011 - 02:57 AM

Good Evening!

Apologies for the delay in responding to you. I did not intend to make you wait this long for a response, but with the holidays, and then getting sick, it couldn't have been helped. I should be back to posting at more regular intervals now. I hope you are enjoying the holidays!

It looks like ComboFix did its job and found a couple of issues that it needed to fix.

Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#11 Gaby5376

Posted 28 December 2011 - 10:12 PM

Hey ST, so I ran Malware and it came up with no threats and didn't have a log. These are the next two things you asked me to run. Hope you had a nice holiday and you're feeling better!


C:\Qoobox\Quarantine\C\Windows\system32\Drivers\afd.sys.vir Win32/Sirefef.DA trojan
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\afd.sys.vir_ Win32/Sirefef.DA trojan
C:\Users\Gabzie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\55fef8d-7d3b4534 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan
C:\Users\Gabzie\Downloads\installer_dvdfab_hd_decrypter_7_0_9_3_English.exe Win32/Toggle application
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys Win32/Sirefef.DA trojan



Results of screen317's Security Check version 0.99.30
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

AVG 2011
ESET Online Scanner v3
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
CCleaner
Java™ 6 Update 11
Java version out of date!
Adobe Flash Player 10.3.183.11 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.5.19) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
``````````End of Log````````````

#12 SweetTech


Posted 29 December 2011 - 03:47 AM

Hi Gaby5376!

It looks like ESET found some threats.

Let's remove them.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
C:\Users\Gabzie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\55fef8d-7d3b4534
C:\Users\Gabzie\Downloads\installer_dvdfab_hd_decrypter_7_0_9_3_English.exe
Restore::
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
FileLook::
C:\Windows\system32\drivers\afd.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.



#13 Gaby5376

Gaby5376
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 30 December 2011 - 01:21 AM

Here is the log. It started like the old type of scan but opened up another window and deleted a bunch of the programs you listed in that txt file.

ComboFix 11-12-29.05 - Gabzie 12/29/2011 23:56:17.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2814.1765 [GMT -6:00]
Running from: c:\users\Gabzie\Desktop\ComboFix.exe
Command switches used :: c:\users\Gabzie\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Gabzie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\55fef8d-7d3b4534"
"c:\users\Gabzie\Downloads\installer_dvdfab_hd_decrypter_7_0_9_3_English.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gabzie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\55fef8d-7d3b4534
c:\users\Gabzie\Downloads\installer_dvdfab_hd_decrypter_7_0_9_3_English.exe
c:\windows\isRS-000.tmp
.
c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 06:07 . 2011-12-30 06:09 -------- d-----w- c:\users\Gabzie\AppData\Local\temp
2011-12-30 06:07 . 2011-12-30 06:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-29 00:18 . 2011-12-29 00:18 -------- d-----w- c:\program files\ESET
2011-12-23 05:02 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-23 04:16 . 2011-12-23 04:16 -------- d-----w- c:\users\Gabzie\AppData\Roaming\AVG2012
2011-12-23 04:16 . 2011-12-23 04:36 -------- d-----w- c:\programdata\AVG2012
2011-12-19 07:34 . 2011-12-19 07:34 -------- d-----w- c:\users\Gabzie\AppData\Roaming\WinAVI
2011-12-19 07:34 . 2011-12-19 07:34 -------- d-----w- c:\users\Gabzie\AppData\Local\WinAVI
2011-12-19 07:34 . 2011-12-19 07:34 -------- d-----w- c:\program files\WinAVI
2011-12-14 00:23 . 2011-12-14 00:23 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-12-13 19:38 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 19:38 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 19:38 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-13 19:38 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-10 01:55 . 2011-12-29 00:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-09 03:52 . 2011-12-09 05:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-09 03:52 . 2011-12-09 04:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 18:44 . 2011-01-05 06:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-12-10 21:24 . 2010-12-14 05:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 00:13 . 2011-11-26 00:13 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-15 20:07 . 2011-11-15 20:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 20:02 . 2011-02-21 03:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\afd.sys ---
Company: Microsoft Corporation
File Description: Ancillary Function Driver for WinSock
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: afd.sys.mui
File size: 338944
Created time: 2011-12-23 05:02
Modified time: 2011-04-25 02:35
MD5: 0DB7A48388D54D154EBEC120461A0FCD
SHA1: 5E6A6414708DDF58386289667639703D52EC5BA3
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gabzie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gabzie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gabzie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-13 6965792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"dlcqmon.exe"="c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe" [2007-01-12 292336]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-13 299008]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-12-18 448376]
"TANU"="c:\program files\TOSHIBA\TANU\TANU.exe" [2009-03-28 263560]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-15 1318912]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1007616]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=&inst=NzctNTIzMjg2MjA2LUYxME0xMEQrMi1GTDEwKzEtTElDKzgtU1AxKzEtU1AxVEIrMS1TVVArMi1TUDFTMisxLUREVCsyNTQwLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMQ&prod=0&ver=10.0.1416" [?]
.
c:\users\Gabzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gabzie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-12-12 08:22 312200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2011-01-12 00:04 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-12-12 08:22 304008 ----a-w- c:\program files\Dell Photo AIO Printer 966\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-03-13 01:11 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-05-27 101936]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-02-07 11008]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-14 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-06-08 374152]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00A\SYMEFA.SYS [2009-08-18 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1007020.00A\BHDrvx86.sys [2009-08-18 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1007020.00A\ccHPx86.sys [2009-08-20 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090810.001\IDSvix86.sys [2009-07-11 293424]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2011-09-19 87368]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-01-12 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe [2009-08-18 117640]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-02-19 57344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 176128]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 73728]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Gabzie\AppData\Roaming\Mozilla\Firefox\Profiles\m7jd90lc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1943577299-1749160357-1101987479-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3032)
c:\users\Gabzie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\taskhost.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-12-30 00:15:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-30 06:15
ComboFix2.txt 2011-12-28 04:12
.
Pre-Run: 45,144,956,928 bytes free
Post-Run: 44,820,377,600 bytes free
.
- - End Of File - - 61770E0E3A12D65F8B61D4BC3F6805B8

Edited by Gaby5376, 30 December 2011 - 01:23 AM.


#14 SweetTech


Posted 30 December 2011 - 02:10 AM

Good Evening!

I need to have you run another ComboFix script to replace an infected file.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
FCopy::
c:\windows\system32\drivers\afd.sys | c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
FileLook::
c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:


I would also like to see a list of files quarantined by ComboFix, so please do this:

Go to Start > Computer > C:\ drive.

Click on the Qoobox folder.

Locate a file named: ComboFix-quarantined-files.txt. Double click on it.

A text file should open. Post the contents of that file in your next reply.

Edited by SweetTech, 30 December 2011 - 02:10 AM.



#15 Gaby5376


Posted 30 December 2011 - 11:46 AM

Here yah go.

2011-12-30 06:06:27 . 2011-12-30 06:06:27 0 ----a-w- C:\Qoobox\Quarantine\Replicators\Replicator_2.txt
2011-12-30 05:55:32 . 2011-12-30 05:55:32 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2011-12-29 00:02:42 . 2011-12-29 00:02:42 709,968 ----a-w- C:\Qoobox\Quarantine\C\Windows\isRS-000.tmp.vir
2011-12-28 04:11:07 . 2011-12-28 04:11:07 932 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-AVG.reg.dat
2011-12-28 04:10:34 . 2011-12-28 04:10:34 930 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp--401224575.reg.dat
2011-12-28 04:10:23 . 2011-12-28 04:10:23 143 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AVG_TRAY.reg.dat
2011-12-23 05:19:45 . 2011-12-30 06:02:13 18,476 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-23 01:11:08 . 2011-12-30 05:55:32 594 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-12-21 22:22:46 . 2011-12-22 13:43:12 1,536 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\U\00000001.@.vir
2011-12-20 12:33:56 . 2011-12-20 12:46:11 11,264 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\U\80000000.@.vir
2011-12-20 08:42:40 . 2011-12-20 08:46:07 97,792 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\U\80000032.@.vir
2011-12-09 05:05:46 . 2011-12-09 05:05:46 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Gabzie\AppData\Roaming\Microsoft\Windows\Templates\126130x4d750f512s108o7glk0c5.vir
2011-12-09 05:05:46 . 2011-12-09 05:05:46 0 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\126130x4d750f512s108o7glk0c5.vir
2011-12-08 09:13:34 . 2011-12-23 04:10:25 264 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\keywords.vir
2011-12-08 08:59:46 . 2011-12-23 02:58:25 5,176 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\lsflt7.ver.vir
2011-12-08 08:55:00 . 2011-12-23 04:48:07 223,744 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\kwrd.dll.vir
2011-12-08 08:55:00 . 2011-12-23 04:58:07 814 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\bckfg.tmp.vir
2011-12-08 08:54:54 . 2011-12-08 08:54:54 2,048 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\@.vir
2011-12-08 08:54:54 . 2011-12-23 04:48:07 208 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\cfg.ini.vir
2011-12-08 08:54:54 . 2011-12-08 08:54:54 338,944 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\L\nzekixwm.vir
2011-12-08 08:54:54 . 2011-12-23 04:47:30 4,608 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\Desktop.ini.vir
2011-12-08 08:54:42 . 2011-12-08 08:54:42 0 -c--a-we C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\1100914659.vir
2011-12-08 08:53:59 . 2011-12-08 08:53:59 3,949 ----a-w- C:\Qoobox\Quarantine\C\Users\Gabzie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\55fef8d-7d3b4534.vir
2011-12-02 12:07:49 . 2011-12-08 08:54:58 224,768 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\U\00000002.@.vir
2011-11-29 13:10:08 . 2011-12-08 08:54:58 12,800 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\U\80000004.@.vir
2011-11-02 17:48:14 . 2011-12-08 08:54:57 1,024 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB22983$\3438908734\U\00000004.@.vir
2011-06-16 13:33:46 . 2011-04-25 02:35:40 338,944 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\Drivers\afd.sys.vir
2011-06-16 13:33:46 . 2011-04-25 02:35:40 338,944 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\Drivers\afd.sys.vir_
2011-06-16 13:33:46 . 2011-04-25 02:35:40 338,944 ----a-w- C:\Qoobox\Quarantine\C\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys.vir
2010-08-16 23:22:11 . 2010-08-16 23:22:12 2,844,891 ----a-w- C:\Qoobox\Quarantine\C\Users\Gabzie\Downloads\installer_dvdfab_hd_decrypter_7_0_9_3_English.exe.vir
2009-07-13 23:34:20 . 2009-07-14 01:14:43 26,112 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\userinit.exe.vir
2009-05-05 02:32:16 . 2008-12-17 18:07:02 4,096 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\Thumbs.db.vir
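A cross-check a reviewer could run over the two logs in this thread, added here as an example and not ComboFix's or the helper's own code: it parses the FileLook block for afd.sys from post #13 and the ComboFix-quarantined-files.txt listing from post #15 (both copied inline, trimmed to the lines used) and reports side by side the facts a helper would want before deciding what to do with the driver: the Original Filename in the version resource versus the file's own name, whether the file on disk has the same size and modified time as a copy ComboFix already quarantined from that path, and the file's reported version versus the version in the name of its winsxs component folder. The flag names and the review logic are assumptions of this example, not ComboFix output.

```python
import re
from datetime import datetime

# Constructed from the FileLook output in post #13 (fields trimmed to those used).
LOOK_BLOCK = r"""
--- c:\windows\system32\drivers\afd.sys ---
Company: Microsoft Corporation
File Description: Ancillary Function Driver for WinSock
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Original Filename: afd.sys.mui
File size: 338944
Created time: 2011-12-23 05:02
Modified time: 2011-04-25 02:35
MD5: 0DB7A48388D54D154EBEC120461A0FCD
"""

# Constructed from the ComboFix-quarantined-files.txt listing in post #15 (trimmed).
QUARANTINE_LISTING = r"""
2011-12-29 00:02:42 . 2011-12-29 00:02:42 709,968 ----a-w- C:\Qoobox\Quarantine\C\Windows\isRS-000.tmp.vir
2011-06-16 13:33:46 . 2011-04-25 02:35:40 338,944 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\Drivers\afd.sys.vir
2011-06-16 13:33:46 . 2011-04-25 02:35:40 338,944 ----a-w- C:\Qoobox\Quarantine\C\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys.vir
2009-07-13 23:34:20 . 2009-07-14 01:14:43 26,112 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\userinit.exe.vir
"""

QUARANTINE_ROOT = r"c:\qoobox\quarantine"          # quarantine folder as it appears in the listing
QUAR_LINE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) ([\d,]+) (\S+) (.+)$")
COMPONENT_VER = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")  # version embedded in a winsxs folder name


def parse_look(text):
    """Turn a ComboFix '--- path ---' block into a dict of its 'Key: value' lines."""
    m = re.search(r"^--- (.+?) ---$", text, re.M)
    if not m:
        raise ValueError("no '--- path ---' header found")
    info = {"path": m.group(1).lower()}
    for line in text.splitlines():
        if line.startswith("---") or ": " not in line:
            continue
        key, _, value = line.partition(": ")
        info[key.strip()] = value.strip()
    return info


def parse_quarantine(text):
    """Return one record per .vir entry, keyed by the path it was quarantined from."""
    records = []
    for line in text.splitlines():
        m = QUAR_LINE.match(line)
        if not m:
            continue
        _created, modified, size, _attrs, qpath = m.groups()
        qpath = qpath.lower()
        if not qpath.startswith(QUARANTINE_ROOT) or not qpath.endswith(".vir"):
            continue
        # C:\Qoobox\Quarantine\C\Windows\... was c:\windows\... before quarantine
        rel = qpath[len(QUARANTINE_ROOT) + 1:-len(".vir")]
        drive, _, rest = rel.partition("\\")
        records.append({
            "path": f"{drive}:\\{rest}",
            "size": int(size.replace(",", "")),
            "mtime": datetime.strptime(modified, "%Y-%m-%d %H:%M:%S"),
        })
    return records


def review_driver(look_text, quarantine_text):
    """Return reviewer flags (assumed names) for the file described by a FileLook block."""
    info = parse_look(look_text)
    path = info["path"]
    name = path.rsplit("\\", 1)[-1]
    size = int(info["File size"])
    mtime = datetime.strptime(info["Modified time"], "%Y-%m-%d %H:%M")
    version = (info.get("File Version", "").split() or [""])[0]
    flags = []

    # 1. The version resource should name the binary itself, not its .mui resource file.
    original = info.get("Original Filename", "").lower()
    if original and original != name:
        flags.append(f"original-filename-mismatch: resource says {original!r}, file is {name!r}")

    for rec in parse_quarantine(quarantine_text):
        rec_name = rec["path"].rsplit("\\", 1)[-1]
        # 2. Same path, size and (minute-resolution) mtime as a copy ComboFix already quarantined.
        if rec["path"] == path and rec["size"] == size and rec["mtime"].replace(second=0) == mtime:
            flags.append("matches-quarantined-copy: same path, size and mtime as a .vir entry")
        # 3. The system32 copy reports a different version than the winsxs component of the same file.
        if "\\winsxs\\" in rec["path"] and rec_name == name:
            cm = COMPONENT_VER.search(rec["path"])
            if cm and version and cm.group(1) != version:
                flags.append(f"winsxs-version-mismatch: file says {version}, component folder is {cm.group(1)}")
    return flags


if __name__ == "__main__":
    for flag in review_driver(LOOK_BLOCK, QUARANTINE_LISTING):
        print(flag)
```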



