
ZeroAccess


This topic is locked
48 replies to this topic

#1 sedonaj

Posted 06 March 2012 - 08:36 PM

Hi Bleeping Computer Representatives,

Thank you for being around to help.

I ran MBAM and it gave the log below.
I then ran Eset Online scanner and it said 5 files were infected. 4 were removed and quarantined. WIN32/adware Yontoo.a & Yontoo.b. The 5th one said it was in OPERATING MEMORY and it's the Yontoo.B. This one could not be removed by the Eset online scanner.

WIN XP SP3, in Add Remove / Programs - there is a Yontoo Layers Runtime (Drop Down Deals) 1.10.01 that I cannot remove / uninstall. I get "set-up initialization error".

I started Combofix (against the recommendations, I know. I'm sorry but it didn't work anyway). Combofix said AVG 2012 is running, but it's not, or at least I don't see it anywhere. And then I click the X to close Combofix instead of clicking Okay because I don't want to proceed now, but Combofix doesn't close when I hit the X, then it said I had Rootkit.zeroaccess. And then it stalled, and I used "End Program" on Combofix. So that's where I am at. I included the Catchme file from Combofix, it didn't get far enough to create a log.

MBAM log:
Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 6
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\ToshibaUser\Local Settings\Application Data\xhb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\ToshibaUser\Local Settings\Application Data\xhb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\ToshibaUser\Local Settings\Application Data\xhb.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\ToshibaUser\My Documents\lpsm57j2.exe (Rogue.Chameleon2012) -> Quarantined and deleted successfully.
C:\Documents and Settings\ToshibaUser\Local Settings\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

I disabled AVAST FREE.

I ran DeFogger and all it said was Finished. It never asked to Reboot.

When I run DDS, it says it shouldn't take more than 3 minutes to finish, but I'm on 10 minutes and the ########## scan indicator is 3/4 across the screen and not moving anymore. If I move the mouse, it has a delayed, slowed response. I can't ALT CNTRL DEL out of it, I have to shut the computer down by the switch. On reboot, I ran RKILL to see if something was interfering; it comes back blank under the Processes it stopped. I rebooted and tried running DDS twice. Same response. I can't complete DDS.

Additionally, if I try to click on Adobe X, I see it open for half a second and then it is gone. PDF files that I have on my desktop are trying to open with Microsoft Picture Viewer, and each time I tell XP to open with Adobe X, I see it flash and then it's gone (similar to how if you type IPCONFIG in the run box, you get a flash of the CMD screen, but then it's gone).

From the time I did try Combo Fix, there is text in Qoobox titled catchme which says this:

-------- 2012-02-03 - 10:14:36 -------------


-------- 2012-02-03 - 10:25:08 -------------

file zipped: C:\WINDOWS\$NtUninstallKB30626$\1583373236 -> _1583373236_.zip -> 1583373236 ( 0 bytes )
error: C:\WINDOWS\$NtUninstallKB30626$\1583373236 is not a PE file
kill file error: C:\WINDOWS\$NtUninstallKB30626$\1583373236, The file can not be accessed by the system.

-------- 2012-02-03 - 13:06:04 -------------


-------- 2012-02-03 - 13:15:08 -------------


I disconnected my WIFI connection just so the computer can't communicate and half way through the GMER scan I watched the WIFI start on its own and try to connect. The connect through a Proxy box is not checked on IE8.


I was able to do a GMER file. It's attached because when I copied it into the post, it said the post is too long. It's titled ark.txt.


I was hoping one of you would be kind enough to give me a hand of assistance.

Thanks

Jay

Attached Files

  • ark.txt (262.98KB, 4 downloads)
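The MBAM log in the post above records two patterns worth recognising on sight: the StartMenuInternet shell\open\command values for Firefox and IE were rewritten so that a file named xhb.exe in the user's Local Settings\Application Data folder is launched in front of the real browser, and the three Security Center *DisableNotify values were set to 1, which silences the "antivirus/firewall/updates are off" warnings. The script below is an added example, not code from the post or from Malwarebytes: it parses "Registry Data Items" lines of that log format (the grammar is inferred from the six lines in the post, an assumption), classifies each entry, and reports which wrapper executable was inserted and whether it lives in a user-writable folder. The sample input is the six lines copied from the post; the folder heuristic and the classification names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample input: the six "Registry Data Items" lines copied from the
# MBAM log quoted in the post above, one entry per line.
MBAM_LOG = r"""
Registry Data Items Detected: 6
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\ToshibaUser\Local Settings\Application Data\xhb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\ToshibaUser\Local Settings\Application Data\xhb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\ToshibaUser\Local Settings\Application Data\xhb.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
"""

# Line format inferred from the six entries above (an assumption, not a documented
# MBAM grammar):  <key>|<value name> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>
ENTRY_RE = re.compile(
    r'^(?P<key>[^|]+)\|(?P<value>\S*) \((?P<detection>[^)]+)\) -> '
    r'Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.*)$'
)

# Folders an ordinary user can write to (heuristic chosen for this example); a browser
# "launcher" living here is a red flag, since legitimate commands point into Program Files.
USER_WRITABLE_HINTS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\temp\\",
)


@dataclass
class Finding:
    key: str
    value_name: str     # empty string means the key's (Default) value
    detection: str
    bad: str
    good: str
    kind: str           # browser_launch_hijack | security_center_notify_disabled | other
    note: str


def classify(key: str, value_name: str, bad: str, good: str) -> Tuple[str, str]:
    """Map one repaired registry item to what it means for the defender."""
    low_key = key.lower()
    # StartMenuInternet\<browser>\shell\...\command tells Windows how to start the
    # default browser; the hijack puts a wrapper exe in front of the real one.
    if "\\startmenuinternet\\" in low_key and low_key.endswith("\\command"):
        quoted = re.match(r'"([^"]+)"', bad)
        wrapper = quoted.group(1) if quoted else bad.split()[0]
        where = ("user-writable location"
                 if any(h in wrapper.lower() for h in USER_WRITABLE_HINTS)
                 else "unexpected location")
        return "browser_launch_hijack", f"browser started via {wrapper} ({where}); expected '{good}'"
    # Security Center *DisableNotify = 1 hides the "AV/firewall/updates are off"
    # balloons, which keeps the user from noticing the protection was turned off.
    if (low_key.endswith("\\security center")
            and value_name.lower().endswith("disablenotify") and bad == "1"):
        component = value_name[: -len("DisableNotify")]
        return "security_center_notify_disabled", f"{component} status warnings were suppressed"
    return "other", ""


def parse_entries(log: str) -> List[Finding]:
    """Parse every 'Registry Data Items' entry in an MBAM log into a Finding."""
    findings = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, counts, blank lines
        kind, note = classify(m["key"], m["value"], m["bad"], m["good"])
        findings.append(Finding(m["key"], m["value"], m["detection"], m["bad"], m["good"], kind, note))
    return findings


def triage(log: str) -> Dict[str, object]:
    """Summarise a log: counts per kind plus the distinct wrapper executables seen."""
    findings = parse_entries(log)
    by_kind: Dict[str, int] = {}
    wrappers = set()
    for f in findings:
        by_kind[f.kind] = by_kind.get(f.kind, 0) + 1
        if f.kind == "browser_launch_hijack":
            quoted = re.match(r'"([^"]+)"', f.bad)
            if quoted:
                wrappers.add(quoted.group(1))
    return {"total": len(findings), "by_kind": by_kind, "wrappers": sorted(wrappers)}


if __name__ == "__main__":
    for f in parse_entries(MBAM_LOG):
        print(f"[{f.kind}] {f.key}|{f.value_name or '(Default)'}: {f.note}")
    print(triage(MBAM_LOG))
```

Run against the post's six lines it reports three browser-launch hijacks all pointing at the same xhb.exe under Local Settings\Application Data and three suppressed Security Center warnings. The wrapper path is the useful pivot for a responder: it is the file to pull for analysis and the name to look for in autorun and scheduled-task entries, and MBAM repairing the registry values does not by itself remove that file.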



#2 sedonaj (Topic Starter)

Posted 06 March 2012 - 10:26 PM

Since I can't get the DDS to work, here is the OTL:

OTL logfile created on: 3/6/2012 9:11:55 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = D:\Computer Tools
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 562.98 Mb Available Physical Memory | 55.02% Memory free
2.41 Gb Paging File | 2.02 Gb Available in Paging File | 83.79% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 36.76 Gb Free Space | 65.78% Space Free | Partition Type: NTFS
Drive D: | 3.81 Gb Total Space | 2.67 Gb Free Space | 70.01% Space Free | Partition Type: FAT32

Computer Name: TOSHIBA-USER | User Name: ToshibaUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Computer Tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSServ.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TME3\TMERzCtl.exe (TOSHIBA)
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Toshiba\TME3\TMESRV31.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\TAudEffect\TAudEff.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\TME3\TMETEMnu.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TapButton\TapButt.exe ( )
PRC - C:\Toshiba\IVP\ISM\pinger.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TFNF5.exe (TOSHIBA Corp.)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
PRC - C:\Symbol Commander\Sensiva.exe (Sensiva, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\12030600\algo.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.0.3705\system\1.0.3300.0__b77a5c561934e089_9b4398f1\system.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_924d0209\mscorlib.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
MOD - c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll ()
MOD - C:\WINDOWS\assembly\GAC\SKLibrary\1.7.2600.5512__31bf3856ad364e35\SKLibrary.dll ()
MOD - C:\WINDOWS\assembly\GAC\SoftKeyboardLogic\1.7.2600.5512__31bf3856ad364e35\SoftKeyboardLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.SoftKeyboardInterface\1.7.2600.5512__31bf3856ad364e35\Interop.SoftKeyboardInterface.dll ()
MOD - c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll ()
MOD - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll ()
MOD - C:\WINDOWS\system32\TosBtAcc.dll ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
MOD - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
MOD - C:\Program Files\Intel\Wireless\Bin\libeay32.dll ()
MOD - C:\WINDOWS\system32\TosHidAPI.dll ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtWrp.dll ()
MOD - C:\Symbol Commander\zlib.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (CLEARWIRERcAppSvc) -- C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (SMSI Device Launch Service) -- C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
SRV - (clearwireDeviceDiagnosticsService) -- C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe ()
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (OwnershipProtocol) -- C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (Tmesrv) -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe (TOSHIBA)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRENDIS5) -- File not found
DRV - (MREMPR5) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (ATMFVsp) -- File not found
DRV - (ATMFNVsp) -- File not found
DRV - (ATMFNET) -- File not found
DRV - (ATMFMdm) -- File not found
DRV - (ATMFFLT) -- File not found
DRV - (ATMFCVsp) -- File not found
DRV - (ATMFBUS) -- File not found
DRV - (.avgtdix) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)
DRV - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\WINDOWS\system32\drivers\swmx00.sys (Sierra Wireless Inc.)
DRV - (swmsflt) -- C:\WINDOWS\system32\drivers\swmsflt.sys ()
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (Smith Micro Inc.)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (bcm) -- C:\WINDOWS\system32\drivers\drxvi314.sys (Beceem communications pvt ltd.)
DRV - (bcmbusctr) -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys (Beceem communications pvt ltd.)
DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\TosRfhid.sys (TOSHIBA Corporation.)
DRV - (TMEI3E) -- C:\WINDOWS\system32\drivers\TMEI3E.sys (Toshiba Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\TosRfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\Tosrfec.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\Tosporte.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TVALZ) -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS (TOSHIBA Corporation)
DRV - (TEchoCan) -- C:\WINDOWS\system32\drivers\TEchoCan.sys (TOSHIBA Corporation)
DRV - (TMicAry) -- C:\WINDOWS\system32\drivers\TMicAry.sys (TOSHIBA Corporation)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (w22n51) Intel® -- C:\WINDOWS\system32\drivers\w22n51.sys (Intel® Corporation)
DRV - (w70n51) Intel® -- C:\WINDOWS\system32\drivers\w70n51.sys (Intel® Corporation)
DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (TBtnKey) -- C:\WINDOWS\system32\drivers\TBtnKey.sys (TOSHIBA)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes\{8BF9435F-E5B2-403A-97C1-625EB65E697A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2159&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^A2E&apn_dtid=^YYYYYY^SO^US&apn_uid=765f6a9b-d2f5-49a3-bc75-d66f586c721c&apn_sauid=8EFD086D-61F4-46EE-A1A7-FA094F453611&
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = dudley8501

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\..\SearchScopes\{8BF9435F-E5B2-403A-97C1-625EB65E697A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2159&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^A2E&apn_dtid=^YYYYYY^SO^US&apn_uid=765f6a9b-d2f5-49a3-bc75-d66f586c721c&apn_sauid=8EFD086D-61F4-46EE-A1A7-FA094F453611&
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = dudley8501

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com

IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 45 EB AA 06 8F CB 01 [binary data]
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\..\SearchScopes\{1A500DDB-9ABD-4D5E-A01E-8B16D8DC5999}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2159&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^A2E&apn_dtid=^YYYYYY^SH^US&apn_uid=22a70264-3812-4707-8f41-120b7e8b2a03&apn_sauid=7574E8CC-6466-41E1-B85A-CC8E478027F4&
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\..\SearchScopes\{2A68D578-CDAC-43E3-BF6C-7CFFA06D0381}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\..\SearchScopes\{2D9A27DC-8597-49AB-8169-91F0FD7DEC61}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\..\SearchScopes\{469D0882-4354-4A78-837D-99E4C954111A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\..\SearchScopes\{989385A9-815F-47CA-83EC-0044D93EB662}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\..\SearchScopes\{A82D1F6E-A93E-483D-B21F-941B476D8807}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=2159&gct=hp"


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\ToshibaUser\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/07 12:05:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/06 15:05:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 02:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/08 09:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ToshibaUser\Application Data\Mozilla\Extensions
[2012/01/11 16:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ToshibaUser\Application Data\Mozilla\Firefox\Profiles\weqcc0vv.default\extensions
[2012/01/11 16:10:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\ToshibaUser\Application Data\Mozilla\Firefox\Profiles\weqcc0vv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/08 15:36:49 | 000,000,000 | ---D | M] (Yontoo Layers (Drop Down Deals)) -- C:\Documents and Settings\ToshibaUser\Application Data\Mozilla\Firefox\Profiles\weqcc0vv.default\extensions\plugin@yontoo.com
[2012/01/11 16:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ToshibaUser\Application Data\Mozilla\Firefox\Profiles\weqcc0vv.default\extensions\trash
[2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\ToshibaUser\Application Data\Mozilla\Firefox\Profiles\weqcc0vv.default\searchplugins\askcom.xml
[2011/10/13 08:09:01 | 000,003,849 | ---- | M] () -- C:\Documents and Settings\ToshibaUser\Application Data\Mozilla\Firefox\Profiles\weqcc0vv.default\searchplugins\avg-secure-search.xml
[2011/10/11 22:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/06 15:05:45 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/09/08 11:52:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/08 01:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Sensiva] C:\Symbol Commander\Sensiva.exe (Sensiva, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TAcelMgr] C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe ( )
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TosRotation] C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSkrMain] C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-349180000-2302449126-1013906200-1005..\Run: [Zinio DLM] C:\Program Files\Zinio\ZDLM.exe /hide File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10x_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10x_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsubleepa Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-349180000-2302449126-1013906200-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5219C007-8741-4BE8-953A-103E73242CAF}: DhcpNameServer = 66.233.235.12 75.94.255.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ToshibaUser\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ToshibaUser\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/27 16:58:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b6a9df0-b959-11df-b7c1-0012f04c4d64}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{6a3eb373-9613-11df-b7be-0012f04c4d64}\Shell - "" = AutoRun
O33 - MountPoints2\{6a3eb373-9613-11df-b7be-0012f04c4d64}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a3eb373-9613-11df-b7be-0012f04c4d64}\Shell\AutoRun\command - "" = D:\start.exe
O33 - MountPoints2\{a0e20610-3c81-11e1-b90d-0012f04c4d64}\Shell - "" = AutoRun
O33 - MountPoints2\{a0e20610-3c81-11e1-b90d-0012f04c4d64}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0e20610-3c81-11e1-b90d-0012f04c4d64}\Shell\AutoRun\command - "" = D:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 20:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ToshibaUser\My Documents\Downloads
[2012/03/06 15:06:35 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 15:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/03/06 15:06:34 | 000,337,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 15:06:31 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 15:06:30 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 15:06:29 | 000,610,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 15:06:28 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 15:06:28 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 15:06:28 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/06 15:05:32 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 15:05:31 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 15:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/06 15:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/06 14:55:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/06 11:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/06 10:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ToshibaUser\Application Data\Malwarebytes
[2012/03/06 10:48:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/06 10:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/06 10:48:37 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/06 10:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/12 08:59:16 | 077,515,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msert.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/06 21:06:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/06 21:06:06 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/06 21:04:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/06 15:44:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ToshibaUser\defogger_reenable
[2012/03/06 15:06:35 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/06 15:06:29 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/06 14:26:04 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/06 14:19:40 | 000,563,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/06 14:19:40 | 000,115,112 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/06 14:13:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/06 10:48:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 09:35:45 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EBBD2E91-B4E9-46B4-9E19-72A81503ED2F}.job
[2012/03/06 09:34:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/23 10:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/02/23 10:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/02/23 10:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/02/23 10:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/02/23 10:10:46 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/02/23 10:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/02/23 10:10:25 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/02/23 10:10:22 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/02/23 10:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/02/23 10:07:33 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 15:44:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ToshibaUser\defogger_reenable
[2012/03/06 15:06:35 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/06 10:48:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 09:38:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/06 09:38:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/03 10:25:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/03 10:25:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/03 10:25:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/03 10:25:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/03 10:25:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/11 15:55:06 | 000,015,106 | -HS- | C] () -- C:\Documents and Settings\ToshibaUser\Local Settings\Application Data\yvx3lv0pbgdpv47i85rbk44
[2012/01/11 15:55:06 | 000,015,106 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yvx3lv0pbgdpv47i85rbk44
[2011/10/01 18:12:28 | 000,000,096 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2011/10/01 16:08:43 | 000,161,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/15 20:46:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/08 09:04:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/09 10:32:01 | 000,058,116 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/24 09:47:18 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\ToshibaUser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/05 19:53:05 | 002,031,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin
[2010/06/06 01:44:34 | 000,045,163 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2010/06/06 01:44:33 | 000,045,161 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2010/05/25 21:48:08 | 000,037,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys

< End of report >

#3 sedonaj (Topic Starter)

Posted 06 March 2012 - 10:28 PM

The OTL Extras

OTL Extras logfile created on: 3/6/2012 9:11:55 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = D:\Computer Tools
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 562.98 Mb Available Physical Memory | 55.02% Memory free
2.41 Gb Paging File | 2.02 Gb Available in Paging File | 83.79% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 36.76 Gb Free Space | 65.78% Space Free | Partition Type: NTFS
Drive D: | 3.81 Gb Total Space | 2.67 Gb Free Space | 70.01% Space Free | Partition Type: FAT32

Computer Name: TOSHIBA-USER | User Name: ToshibaUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-349180000-2302449126-1013906200-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\IVP\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Disabled:ooVoo
"C:\Program Files\Clearwire\Connection Manager\SwiApiMux.exe" = C:\Program Files\Clearwire\Connection Manager\SwiApiMux.exe:*:Enabled:SwiApiMux
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Disabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Disabled:Personal E-mail Scanner


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0510E9B6-C4C9-4C1D-8FE9-89EDDAA54958}" = Microsoft Reader
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0698BDA1-ACF3-4A5F-8A9B-F655C9E49AFC}" = Alias SketchBook Pro 1.01
"{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}" = Tablet PC Tutorials for Microsoft Windows XP SP2
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20348F6A-38D0-45F6-A103-C6FB2CD5695B}" = FranklinCovey TabletPlanner
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{53554FA3-F658-40F4-A7C6-4CD6F776A8F0}" = TOSHIBA Rotation Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{596EB055-A16F-4125-80A5-6AD728F2907B}" = TOSHIBA M200 Demo Screen Saver
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime (Drop Down Deals) 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{471159EB-BECC-453C-B6F2-FE4FAB29B3F3}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9AC200C3-A4C8-401C-A5A8-202BE888B165}" = TOSHIBA Fax Extension
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device Driver
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU.msi
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC591B40-F733-4731-9240-CE86FA34532C}" = CLEAR Connection Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D917F618-DDB8-4653-95FF-14A9A29A4E3B}" = Zinio Reader
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}" = VGA USB Camera
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}" = TOSHIBA Software Upgrades
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{F816A1EB-392D-459C-A5A2-8C8B9CD75446}" = TOSHIBA SD Memory Boot Utility
"{FC99D835-CA4A-4E58-82F6-31D0ACF0CACA}" = TOSHIBA Audio Effect
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CardBus driver" = CardBus driver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 12.0" = RealPlayer
"Sensiva" = Symbol Commander
"SMALLBUSINESSR" = Microsoft Office Small Business 2007 Trial
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME3" = TOSHIBA Mobile Extension3 for Windows XP V3.65.00.XP
"TOSHIBA Accelerometer Utilities" = TOSHIBA Accelerometer Utilities
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TOSHIBA Utilities" = TOSHIBA Utilities
"TouchED" = TOSHIBA TouchPad On/Off Utility V2.05.00
"TSigReco" = TOSHIBA Tablet Access Code Logon Utility V1.02.00
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = AT&T Yahoo! Internet Mail
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-349180000-2302449126-1013906200-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2012 6:38:19 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application xhb.exe, version 5.1.2600.5512, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/11/2012 11:39:33 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/11/2012 11:39:38 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

Error - 1/12/2012 8:57:04 AM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error - 1/12/2012 8:57:05 AM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed

Error - 1/12/2012 10:29:16 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2012 10:29:25 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

Error - 3/6/2012 4:07:27 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
module msi11.tmp, version 1.52.9334.0, fault address 0x0000e7a5.

Error - 3/6/2012 4:07:37 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1001
Description = Fault bucket -2084049759.

Error - 3/6/2012 11:11:24 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.35.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/6/2012 3:39:31 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The Swupdtmr service terminated unexpectedly. It has done this 1
time(s).

Error - 3/6/2012 4:11:38 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.

Error - 3/6/2012 4:11:38 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 3/6/2012 4:11:38 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 3/6/2012 4:11:39 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.

Error - 3/6/2012 4:11:39 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 3/6/2012 6:58:58 PM | Computer Name = TOSHIBA-USER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 3/6/2012 6:59:18 PM | Computer Name = TOSHIBA-USER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 3/6/2012 10:47:44 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 3/6/2012 11:07:03 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.


< End of report >

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 March 2012 - 12:34 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 sedonaj

sedonaj
  • Topic Starter

  • Members
  • 29 posts

Posted 07 March 2012 - 01:17 PM

Hi Gringo,

Thanks for offering to help.

I ran the defogger again now and here is the log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:58 on 07/03/2012 (ToshibaUser)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


DDS from any of the three links won't complete. The ####### gets 3/4 of the way across the screen and then locks up. I have to turn off by using the power button to restart my computer.

I can connect to the internet. I completed the OTL last night and previously posted and nothing has been done since so the OTL is current.
I also mentioned that some programs open for a moment and then shut down as if being blocked. I am wondering if the final step in the DDS report creation is being blocked. (But it's not Notepad that's being blocked, because it worked on DeFogger and OTL.)

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 March 2012 - 06:29 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 sedonaj

sedonaj
  • Topic Starter

  • Members
  • 29 posts

Posted 07 March 2012 - 08:53 PM

I cannot run Combofix, as I stated in my posts. Combofix says AVG Anti-Virus Free Edition 2012 is running. But it's not. Somewhere in the registry it must say that it is, because it's not in the Task Manager as a running process, it's not in the Add/Remove section of Control Panel, and it's not in C/Program Files anywhere. It's not in Documents and Settings under either Local Setting / Data Application or All Users in the Data section. I used the AVG uninstaller previously just to see if that removed anything I wasn't seeing, and Combofix still says the same thing. I have Avast Free on the computer and it's disabled for Combofix, but Combofix is returning "AVG scanner running".

What should I do?

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 March 2012 - 09:07 PM

Go ahead and run it.


gringo

#9 sedonaj

sedonaj
  • Topic Starter

  • Members
  • 29 posts

Posted 07 March 2012 - 09:19 PM

Combofix creates the restore point, then it says

"you are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason that you're unable to connect to the internet after running Combofix, reboot once and see if that fixes it"

Now another box has popped up and says "Rootkit is detected. Be Patient as this may take some moments" I am not going to click on the Okay button because if I do, it stalls. Do I need to click on the okay button or will combofix continue to run without me clicking on it? I can hear the fans running, but I no longer hear the C drive working on the request. The light of the Hard Drive is not flashing anymore. My guess is at this point it has stalled. How long should I wait for combofix to see if it is still in fact running without the hard drive clicking or the hard drive light flashing? Do you think 30 minutes is sufficient?

#10 sedonaj

sedonaj
  • Topic Starter

  • Members
  • 29 posts

Posted 07 March 2012 - 09:25 PM

The fan stopped. The hard drive light is not flashing and the hard drive is not clicking.

I hit Enter to get the Okay button off. On other computers when I have run Combofix, it goes through Phase 1, Phase 2, etc. This is not happening.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 March 2012 - 09:56 PM

Hello


Yes, restart the computer and see if Combofix starts on its own.


gringo

#12 sedonaj

sedonaj
  • Topic Starter

  • Members
  • 29 posts

Posted 07 March 2012 - 10:38 PM

I let Combofix run for 50 minutes without "Completed stage 1" ever showing up; the system clock stopped at 8:24pm CST (it's now 9:31pm). I was unable to turn off the computer by hitting Start and restarting, so I had to shut down with the power button. When Windows XP comes back on, Combofix does not start on its own.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:23 AM

Posted 07 March 2012 - 10:41 PM

Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

please reply with the reports from TDSSKiller and aswMBR

Gringo

#14 sedonaj

sedonaj
  • Topic Starter

  • Members
  • 29 posts

Posted 07 March 2012 - 11:12 PM

TDSS LOG:
21:47:03.0226 3948 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
21:47:03.0566 3948 ============================================================
21:47:03.0566 3948 Current date / time: 2012/03/07 21:47:03.0566
21:47:03.0566 3948 SystemInfo:
21:47:03.0566 3948
21:47:03.0566 3948 OS Version: 5.1.2600 ServicePack: 3.0
21:47:03.0566 3948 Product type: Workstation
21:47:03.0566 3948 ComputerName: TOSHIBA-USER
21:47:03.0566 3948 UserName: ToshibaUser
21:47:03.0566 3948 Windows directory: C:\WINDOWS
21:47:03.0566 3948 System windows directory: C:\WINDOWS
21:47:03.0566 3948 Processor architecture: Intel x86
21:47:03.0566 3948 Number of processors: 1
21:47:03.0566 3948 Page size: 0x1000
21:47:03.0566 3948 Boot type: Normal boot
21:47:03.0566 3948 ============================================================
21:47:06.0280 3948 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:47:06.0290 3948 Drive \Device\Harddisk1\DR2 - Size: 0xF4B00000 (3.82 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:47:06.0290 3948 \Device\Harddisk0\DR0:
21:47:06.0290 3948 MBR used
21:47:06.0290 3948 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
21:47:06.0290 3948 \Device\Harddisk1\DR2:
21:47:06.0290 3948 MBR used
21:47:06.0300 3948 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0xAC8, BlocksNum 0x7A4D38
21:47:06.0340 3948 Initialize success
21:47:06.0340 3948 ============================================================
21:47:12.0629 5340 ============================================================
21:47:12.0629 5340 Scan started
21:47:12.0629 5340 Mode: Manual;
21:47:12.0629 5340 ============================================================
21:47:13.0951 5340 .avgtdix - ok
21:47:14.0282 5340 Aavmker4 (fdba5bb4c8171cda00b2233d5389ee5f) C:\WINDOWS\system32\drivers\Aavmker4.sys
21:47:14.0282 5340 Aavmker4 - ok
21:47:14.0352 5340 Abiosdsk - ok
21:47:14.0382 5340 abp480n5 - ok
21:47:14.0462 5340 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:47:14.0472 5340 ACPI - ok
21:47:14.0532 5340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:47:14.0532 5340 ACPIEC - ok
21:47:14.0572 5340 adpu160m - ok
21:47:14.0642 5340 aeaudio (75bee80a25fc7f690dcd57570dc159c1) C:\WINDOWS\system32\drivers\aeaudio.sys
21:47:14.0642 5340 aeaudio - ok
21:47:14.0742 5340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:47:14.0753 5340 aec - ok
21:47:14.0823 5340 AegisP (f498fd605c08404b20a48954c722ff74) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:47:14.0823 5340 AegisP - ok
21:47:14.0883 5340 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
21:47:14.0893 5340 Afc - ok
21:47:15.0063 5340 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:47:15.0073 5340 AFD - ok
21:47:15.0223 5340 AgereSoftModem (052343cd49c8da20c48958cfe73c7d44) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:47:15.0263 5340 AgereSoftModem - ok
21:47:15.0373 5340 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:47:15.0373 5340 agp440 - ok
21:47:15.0403 5340 Aha154x - ok
21:47:15.0433 5340 aic78u2 - ok
21:47:15.0474 5340 aic78xx - ok
21:47:15.0514 5340 AliIde - ok
21:47:15.0544 5340 amsint - ok
21:47:15.0634 5340 ApfiltrService (25b063d45e57f06b175f29140c700a14) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:47:15.0634 5340 ApfiltrService - ok
21:47:15.0834 5340 asc - ok
21:47:15.0864 5340 asc3350p - ok
21:47:15.0894 5340 asc3550 - ok
21:47:16.0014 5340 aswFsBlk (581b82df5dbcc1dda6b775fac0d92472) C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:47:16.0014 5340 aswFsBlk - ok
21:47:16.0064 5340 aswMon2 (4310e0977b48ec9bc5cca6931f806e6d) C:\WINDOWS\system32\drivers\aswMon2.sys
21:47:16.0064 5340 aswMon2 - ok
21:47:16.0104 5340 AswRdr (0b44ee90b3db93582b260a80b28b7ffd) C:\WINDOWS\system32\drivers\AswRdr.sys
21:47:16.0114 5340 AswRdr - ok
21:47:16.0175 5340 aswSnx (ca9601cd277a1e510b80422a40240a95) C:\WINDOWS\system32\drivers\aswSnx.sys
21:47:16.0205 5340 aswSnx - ok
21:47:16.0295 5340 aswSP (05ea22dde5ca7ee3a865046aff2f0229) C:\WINDOWS\system32\drivers\aswSP.sys
21:47:16.0305 5340 aswSP - ok
21:47:16.0345 5340 aswTdi (3ac73a9e7378848d1bde174b4bb39212) C:\WINDOWS\system32\drivers\aswTdi.sys
21:47:16.0345 5340 aswTdi - ok
21:47:16.0455 5340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:47:16.0455 5340 AsyncMac - ok
21:47:16.0585 5340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:47:16.0585 5340 atapi - ok
21:47:16.0615 5340 Atdisk - ok
21:47:16.0665 5340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:47:16.0665 5340 Atmarpc - ok
21:47:16.0705 5340 ATMFBUS - ok
21:47:16.0735 5340 ATMFCVsp - ok
21:47:16.0765 5340 ATMFFLT - ok
21:47:16.0795 5340 ATMFMdm - ok
21:47:16.0825 5340 ATMFNET - ok
21:47:16.0866 5340 ATMFNVsp - ok
21:47:16.0896 5340 ATMFVsp - ok
21:47:16.0966 5340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:47:16.0966 5340 audstub - ok
21:47:17.0106 5340 bcm (54c533ae49cdf9c4630e80379a1090fe) C:\WINDOWS\system32\DRIVERS\drxvi314.sys
21:47:17.0116 5340 bcm - ok
21:47:17.0156 5340 bcmbusctr (44a70e32615770a4ec60e0267c0c8408) C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys
21:47:17.0156 5340 bcmbusctr - ok
21:47:17.0226 5340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:47:17.0226 5340 Beep - ok
21:47:17.0436 5340 catchme - ok
21:47:17.0557 5340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:47:17.0567 5340 cbidf2k - ok
21:47:17.0687 5340 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:47:17.0687 5340 CCDECODE - ok
21:47:17.0717 5340 cd20xrnt - ok
21:47:17.0787 5340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:47:17.0787 5340 Cdaudio - ok
21:47:17.0847 5340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:47:17.0847 5340 Cdfs - ok
21:47:17.0927 5340 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:47:17.0927 5340 Cdrom - ok
21:47:17.0967 5340 Changer - ok
21:47:18.0077 5340 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:47:18.0087 5340 CmBatt - ok
21:47:18.0117 5340 CmdIde - ok
21:47:18.0177 5340 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:47:18.0177 5340 Compbatt - ok
21:47:18.0227 5340 Cpqarray - ok
21:47:18.0268 5340 dac2w2k - ok
21:47:18.0288 5340 dac960nt - ok
21:47:18.0348 5340 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:47:18.0348 5340 Disk - ok
21:47:18.0438 5340 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:47:18.0468 5340 dmboot - ok
21:47:18.0618 5340 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:47:18.0618 5340 dmio - ok
21:47:18.0658 5340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:47:18.0668 5340 dmload - ok
21:47:18.0718 5340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:47:18.0718 5340 DMusic - ok
21:47:18.0768 5340 dpti2o - ok
21:47:18.0818 5340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:47:18.0818 5340 drmkaud - ok
21:47:18.0898 5340 E100B (fae8b6b311f898df3d19bc638e980ca5) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:47:18.0908 5340 E100B - ok
21:47:19.0009 5340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:47:19.0009 5340 Fastfat - ok
21:47:19.0079 5340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:47:19.0079 5340 Fdc - ok
21:47:19.0149 5340 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:47:19.0189 5340 Fips - ok
21:47:19.0960 5340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:47:19.0970 5340 Flpydisk - ok
21:47:20.0150 5340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:47:20.0160 5340 FltMgr - ok
21:47:20.0220 5340 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:47:20.0220 5340 Fs_Rec - ok
21:47:20.0310 5340 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:47:20.0321 5340 Ftdisk - ok
21:47:20.0371 5340 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:47:20.0371 5340 GEARAspiWDM - ok
21:47:20.0431 5340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:47:20.0431 5340 Gpc - ok
21:47:20.0481 5340 hpn - ok
21:47:20.0531 5340 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:47:20.0541 5340 HPZid412 - ok
21:47:20.0571 5340 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:47:20.0571 5340 HPZipr12 - ok
21:47:20.0611 5340 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:47:20.0611 5340 HPZius12 - ok
21:47:20.0681 5340 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:47:20.0691 5340 HTTP - ok
21:47:20.0851 5340 i2omgmt - ok
21:47:20.0881 5340 i2omp - ok
21:47:20.0951 5340 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:47:20.0951 5340 i8042prt - ok
21:47:21.0012 5340 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:47:21.0012 5340 Imapi - ok
21:47:21.0062 5340 ini910u - ok
21:47:21.0122 5340 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:47:21.0122 5340 IntelIde - ok
21:47:21.0192 5340 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:47:21.0192 5340 intelppm - ok
21:47:21.0252 5340 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:47:21.0252 5340 Ip6Fw - ok
21:47:21.0332 5340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:47:21.0332 5340 IpFilterDriver - ok
21:47:21.0392 5340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:47:21.0392 5340 IpInIp - ok
21:47:21.0432 5340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:47:21.0442 5340 IpNat - ok
21:47:21.0532 5340 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:47:21.0542 5340 IPSec - ok
21:47:21.0612 5340 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
21:47:21.0612 5340 irda - ok
21:47:21.0753 5340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:47:21.0763 5340 IRENUM - ok
21:47:21.0823 5340 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:47:21.0823 5340 isapnp - ok
21:47:21.0913 5340 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
21:47:21.0923 5340 IWCA - ok
21:47:21.0963 5340 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:47:21.0963 5340 Kbdclass - ok
21:47:22.0003 5340 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:47:22.0003 5340 kbdhid - ok
21:47:22.0053 5340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:47:22.0063 5340 kmixer - ok
21:47:22.0113 5340 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:47:22.0113 5340 KSecDD - ok
21:47:22.0163 5340 lbrtfdc - ok
21:47:22.0263 5340 meiudf (6a75fd0b5f008d711dc44d9693e8d632) C:\WINDOWS\system32\Drivers\meiudf.sys
21:47:22.0263 5340 meiudf - ok
21:47:22.0343 5340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:47:22.0343 5340 mnmdd - ok
21:47:22.0434 5340 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:47:22.0434 5340 Modem - ok
21:47:22.0494 5340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:47:22.0504 5340 Mouclass - ok
21:47:22.0664 5340 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:47:22.0664 5340 mouhid - ok
21:47:22.0724 5340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:47:22.0724 5340 MountMgr - ok
21:47:22.0754 5340 mraid35x - ok
21:47:22.0904 5340 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:47:22.0904 5340 MREMP50 - ok
21:47:22.0914 5340 MREMPR5 - ok
21:47:22.0934 5340 MRENDIS5 - ok
21:47:22.0964 5340 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:47:22.0974 5340 MRESP50 - ok
21:47:23.0024 5340 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:47:23.0024 5340 MRxDAV - ok
21:47:23.0135 5340 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:47:23.0155 5340 MRxSmb - ok
21:47:23.0385 5340 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:47:23.0385 5340 Msfs - ok
21:47:23.0425 5340 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:47:23.0425 5340 MSKSSRV - ok
21:47:23.0465 5340 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:47:23.0465 5340 MSPCLOCK - ok
21:47:23.0505 5340 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:47:23.0505 5340 MSPQM - ok
21:47:23.0585 5340 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:47:23.0585 5340 mssmbios - ok
21:47:23.0645 5340 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:47:23.0645 5340 MSTEE - ok
21:47:23.0685 5340 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:47:23.0685 5340 Mup - ok
21:47:23.0745 5340 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:47:23.0745 5340 NABTSFEC - ok
21:47:23.0846 5340 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:47:23.0856 5340 NDIS - ok
21:47:23.0906 5340 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:47:23.0906 5340 NdisIP - ok
21:47:23.0976 5340 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:47:23.0976 5340 NdisTapi - ok
21:47:24.0006 5340 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:47:24.0016 5340 Ndisuio - ok
21:47:24.0076 5340 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:47:24.0076 5340 NdisWan - ok
21:47:24.0166 5340 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:47:24.0166 5340 NDProxy - ok
21:47:24.0326 5340 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:47:24.0326 5340 NetBIOS - ok
21:47:24.0406 5340 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:47:24.0406 5340 NetBT - ok
21:47:24.0497 5340 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
21:47:24.0497 5340 Netdevio - ok
21:47:24.0587 5340 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:47:24.0597 5340 Npfs - ok
21:47:24.0677 5340 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:47:24.0697 5340 Ntfs - ok
21:47:24.0827 5340 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:47:24.0827 5340 Null - ok
21:47:24.0987 5340 nv (f409d1bf29c59c94c62940d6fc0287ed) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:47:25.0037 5340 nv - ok
21:47:25.0248 5340 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:47:25.0248 5340 NwlnkFlt - ok
21:47:25.0308 5340 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:47:25.0328 5340 NwlnkFwd - ok
21:47:25.0468 5340 PAC7302 (aff9a1986555e4592de8092f9a5fa2d2) C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
21:47:25.0478 5340 PAC7302 - ok
21:47:25.0568 5340 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:47:25.0578 5340 Parport - ok
21:47:25.0618 5340 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:47:25.0628 5340 PartMgr - ok
21:47:25.0698 5340 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:47:25.0698 5340 ParVdm - ok
21:47:25.0738 5340 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:47:25.0738 5340 PCI - ok
21:47:25.0768 5340 PCIDump - ok
21:47:25.0838 5340 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:47:25.0838 5340 PCIIde - ok
21:47:25.0868 5340 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:47:25.0878 5340 Pcmcia - ok
21:47:25.0939 5340 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
21:47:25.0959 5340 PCTINDIS5 - ok
21:47:26.0049 5340 PDCOMP - ok
21:47:26.0119 5340 PDFRAME - ok
21:47:26.0149 5340 PDRELI - ok
21:47:26.0179 5340 PDRFRAME - ok
21:47:26.0209 5340 perc2 - ok
21:47:26.0239 5340 perc2hib - ok
21:47:26.0349 5340 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:47:26.0369 5340 PptpMiniport - ok
21:47:26.0469 5340 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:47:26.0469 5340 PSched - ok
21:47:26.0509 5340 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:47:26.0519 5340 Ptilink - ok
21:47:26.0549 5340 ql1080 - ok
21:47:26.0580 5340 Ql10wnt - ok
21:47:26.0620 5340 ql12160 - ok
21:47:26.0650 5340 ql1240 - ok
21:47:26.0680 5340 ql1280 - ok
21:47:26.0740 5340 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:47:26.0740 5340 RasAcd - ok
21:47:26.0810 5340 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:47:26.0810 5340 Rasirda - ok
21:47:26.0840 5340 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:47:26.0850 5340 Rasl2tp - ok
21:47:26.0900 5340 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:47:26.0900 5340 RasPppoe - ok
21:47:27.0230 5340 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:47:27.0230 5340 Raspti - ok
21:47:27.0291 5340 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:47:27.0291 5340 Rdbss - ok
21:47:27.0331 5340 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:47:27.0331 5340 RDPCDD - ok
21:47:27.0411 5340 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:47:27.0411 5340 rdpdr - ok
21:47:27.0511 5340 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:47:27.0511 5340 RDPWD - ok
21:47:27.0551 5340 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:47:27.0551 5340 redbook - ok
21:47:27.0621 5340 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
21:47:27.0631 5340 RimUsb - ok
21:47:27.0691 5340 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
21:47:27.0691 5340 RimVSerPort - ok
21:47:27.0711 5340 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:47:27.0711 5340 ROOTMODEM - ok
21:47:27.0801 5340 s24trans (85a26a3bb748dfd3170cdbf45b0dd7fd) C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:47:27.0801 5340 s24trans - ok
21:47:27.0901 5340 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:47:27.0911 5340 sdbus - ok
21:47:27.0951 5340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:47:27.0951 5340 Secdrv - ok
21:47:28.0032 5340 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:47:28.0042 5340 Serial - ok
21:47:28.0132 5340 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
21:47:28.0132 5340 sffdisk - ok
21:47:28.0252 5340 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
21:47:28.0252 5340 sffp_sd - ok
21:47:28.0312 5340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:47:28.0312 5340 Sfloppy - ok
21:47:28.0362 5340 Simbad - ok
21:47:28.0442 5340 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:47:28.0442 5340 SLIP - ok
21:47:28.0492 5340 SMCIRDA (9951b523fe6820f29ef010680cb692d2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
21:47:28.0502 5340 SMCIRDA - ok
21:47:28.0602 5340 smwdm (710a9684bf50e6fe7c227b9de41159da) C:\WINDOWS\system32\drivers\smwdm.sys
21:47:28.0612 5340 smwdm - ok
21:47:28.0673 5340 Sparrow - ok
21:47:28.0743 5340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:47:28.0753 5340 splitter - ok
21:47:28.0833 5340 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:47:28.0843 5340 sr - ok
21:47:28.0943 5340 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:47:28.0953 5340 Srv - ok
21:47:29.0133 5340 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:47:29.0143 5340 streamip - ok
21:47:29.0213 5340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:47:29.0223 5340 swenum - ok
21:47:29.0283 5340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:47:29.0283 5340 swmidi - ok
21:47:29.0353 5340 swmsflt (3d4776ab6520240ae06d277ac45bf836) C:\WINDOWS\system32\DRIVERS\swmsflt.sys
21:47:29.0353 5340 swmsflt - ok
21:47:29.0434 5340 swmx00 (af88ae62b84d016eb5bdc12ddf1005a3) C:\WINDOWS\system32\DRIVERS\swmx00.sys
21:47:29.0444 5340 swmx00 - ok
21:47:29.0504 5340 SWNC5E00 (24bce62e4da07c6488e3a7ff37a6b6ae) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys
21:47:29.0514 5340 SWNC5E00 - ok
21:47:29.0574 5340 symc810 - ok
21:47:29.0604 5340 symc8xx - ok
21:47:29.0644 5340 sym_hi - ok
21:47:29.0684 5340 sym_u3 - ok
21:47:29.0754 5340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:47:29.0754 5340 sysaudio - ok
21:47:29.0844 5340 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\system32\drivers\TBiosDrv.sys
21:47:29.0854 5340 TBiosDrv - ok
21:47:29.0924 5340 TBtnKey (1f1b3aa534db6107118bf7942275f100) C:\WINDOWS\system32\DRIVERS\TBtnKey.sys
21:47:29.0934 5340 TBtnKey - ok
21:47:30.0034 5340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:47:30.0044 5340 Tcpip - ok
21:47:30.0225 5340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:47:30.0225 5340 TDPIPE - ok
21:47:30.0275 5340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:47:30.0275 5340 TDTCP - ok
21:47:30.0335 5340 TEchoCan (1a3d0d4e388bed8d0f9d35ebf0922531) C:\WINDOWS\system32\DRIVERS\TEchoCan.sys
21:47:30.0335 5340 TEchoCan - ok
21:47:30.0375 5340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:47:30.0375 5340 TermDD - ok
21:47:30.0445 5340 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
21:47:30.0445 5340 TMEI3E - ok
21:47:30.0505 5340 TMicAry (6dad418085651a1a9a2cb9fc5abb40d3) C:\WINDOWS\system32\DRIVERS\TMicAry.sys
21:47:30.0505 5340 TMicAry - ok
21:47:30.0545 5340 TosIde - ok
21:47:30.0595 5340 tosporte (690a1933d6e0a126326c72a19b79a8e4) C:\WINDOWS\system32\DRIVERS\tosporte.sys
21:47:30.0605 5340 tosporte - ok
21:47:30.0655 5340 Tosrfbd (72bdafe88e25010764a7d732bec77954) C:\WINDOWS\system32\Drivers\tosrfbd.sys
21:47:30.0665 5340 Tosrfbd - ok
21:47:30.0705 5340 Tosrfbnp (ac9316450cd4060e905bda46f5bcdfe4) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
21:47:30.0715 5340 Tosrfbnp - ok
21:47:30.0745 5340 Tosrfcom (8ef8069ec1fde5d924cbd9348f4787f8) C:\WINDOWS\system32\Drivers\tosrfcom.sys
21:47:30.0756 5340 Tosrfcom - ok
21:47:30.0786 5340 tosrfec (cc42fdbe9760ca1639e23158ab995f98) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
21:47:30.0786 5340 tosrfec - ok
21:47:30.0806 5340 Tosrfhid (79027a23c5c391e363380da8cca99ad8) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
21:47:30.0806 5340 Tosrfhid - ok
21:47:30.0846 5340 tosrfnds (6c3b5204ea0cd610c847a6834913bc4e) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
21:47:30.0846 5340 tosrfnds - ok
21:47:30.0896 5340 Tosrfusb (c595c4427dbc0bbfa688ee28e3a4c58b) C:\WINDOWS\system32\Drivers\tosrfusb.sys
21:47:30.0906 5340 Tosrfusb - ok
21:47:31.0006 5340 TVALZ (c77f886230cded0075d628f88689681c) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
21:47:31.0006 5340 TVALZ - ok
21:47:31.0046 5340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:47:31.0046 5340 Udfs - ok
21:47:31.0096 5340 ultra - ok
21:47:31.0186 5340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:47:31.0216 5340 Update - ok
21:47:31.0396 5340 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:47:31.0396 5340 USBAAPL - ok
21:47:31.0467 5340 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:47:31.0467 5340 usbaudio - ok
21:47:31.0517 5340 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:47:31.0527 5340 usbccgp - ok
21:47:31.0587 5340 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:47:31.0587 5340 usbehci - ok
21:47:31.0647 5340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:47:31.0657 5340 usbhub - ok
21:47:31.0707 5340 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:47:31.0717 5340 usbprint - ok
21:47:31.0757 5340 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:47:31.0757 5340 usbscan - ok
21:47:31.0817 5340 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:47:31.0817 5340 usbstor - ok
21:47:31.0897 5340 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:47:31.0897 5340 usbuhci - ok
21:47:31.0967 5340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:47:31.0977 5340 VgaSave - ok
21:47:32.0158 5340 ViaIde - ok
21:47:32.0278 5340 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:47:32.0278 5340 VolSnap - ok
21:47:32.0448 5340 w22n51 (4c009d4352849d79bf347846b6e03bfd) C:\WINDOWS\system32\DRIVERS\w22n51.sys
21:47:32.0508 5340 w22n51 - ok
21:47:32.0899 5340 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
21:47:32.0969 5340 w29n51 - ok
21:47:33.0099 5340 w70n51 (3eccbb3689807787cd4c0fed20b1d0d8) C:\WINDOWS\system32\DRIVERS\w70n51.sys
21:47:33.0119 5340 w70n51 - ok
21:47:33.0309 5340 WacomPen (aced8c149b30f8496c237bcba3727b48) C:\WINDOWS\system32\DRIVERS\wacompen.sys
21:47:33.0309 5340 WacomPen - ok
21:47:33.0369 5340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:47:33.0369 5340 Wanarp - ok
21:47:33.0449 5340 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:47:33.0459 5340 Wdf01000 - ok
21:47:33.0479 5340 WDICA - ok
21:47:33.0550 5340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:47:33.0560 5340 wdmaud - ok
21:47:33.0730 5340 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:47:33.0730 5340 WS2IFSL - ok
21:47:33.0820 5340 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:47:33.0820 5340 WSTCODEC - ok
21:47:33.0880 5340 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:47:33.0880 5340 WudfPf - ok
21:47:34.0020 5340 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:47:34.0030 5340 WudfRd - ok
21:47:34.0180 5340 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
21:47:34.0351 5340 \Device\Harddisk0\DR0 - ok
21:47:34.0371 5340 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk1\DR2
21:47:34.0391 5340 \Device\Harddisk1\DR2 - ok
21:47:34.0401 5340 Boot (0x1200) (120d23fc2cb45372825352152240a516) \Device\Harddisk0\DR0\Partition0
21:47:34.0411 5340 \Device\Harddisk0\DR0\Partition0 - ok
21:47:34.0431 5340 Boot (0x1200) (078bb38452815c0512761cd90d07d15b) \Device\Harddisk1\DR2\Partition0
21:47:34.0431 5340 \Device\Harddisk1\DR2\Partition0 - ok
21:47:34.0441 5340 ============================================================
21:47:34.0441 5340 Scan finished
21:47:34.0441 5340 ============================================================
21:47:34.0481 2344 Detected object count: 0
21:47:34.0481 2344 Actual detected object count: 0

aswMBR did not ask me to allow for extra definitions.
aswMBR log:
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-07 21:54:13
-----------------------------
21:54:13.585 OS Version: Windows 5.1.2600 Service Pack 3
21:54:13.585 Number of processors: 1 586 0xD06
21:54:13.585 ComputerName: TOSHIBA-USER UserName: ToshibaUser
21:54:14.937 Initialize success
21:54:15.177 AVAST engine defs: 12030701
21:55:27.231 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:55:27.241 Disk 0 Vendor: HTS726060M9AT00 MH4OA68A Size: 57231MB BusType: 3
21:55:27.261 Disk 0 MBR read successfully
21:55:27.261 Disk 0 MBR scan
21:55:27.271 Disk 0 unknown MBR code
21:55:27.271 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
21:55:27.281 Disk 0 scanning sectors +117210240
21:55:27.471 Disk 0 scanning C:\WINDOWS\system32\drivers
21:55:41.231 Service scanning
21:55:42.072 Service .avgtdix \? **LOCKED** 123
21:56:04.875 Modules scanning
21:56:13.667 Disk 0 trace - called modules:
21:56:13.697 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:56:14.038 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f31ab8]
21:56:14.048 3 CLASSPNP.SYS[f75aefd7] -> nt!IofCallDriver -> \Device\0000008b[0x86f5b1f0]
21:56:14.048 5 ACPI.sys[f7525620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f2ed98]
21:56:14.979 AVAST engine scan C:\WINDOWS
21:56:30.251 AVAST engine scan C:\WINDOWS\system32
21:59:42.448 AVAST engine scan C:\WINDOWS\system32\drivers
22:00:03.598 AVAST engine scan C:\Documents and Settings\ToshibaUser
22:06:58.935 AVAST engine scan C:\Documents and Settings\All Users
22:07:53.444 Scan finished successfully
22:08:14.204 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ToshibaUser\Desktop\MBR.dat"
22:08:14.214 The log file has been saved successfully to "C:\Documents and Settings\ToshibaUser\Desktop\aswMBR.txt"

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • Gender:Male
  • Location:Puerto rico

Posted 08 March 2012 - 12:04 AM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University