Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with zeroaccess toolkit google keeps redirecting


  • This topic is locked This topic is locked
37 replies to this topic

#1 matthewnguyen15

matthewnguyen15

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 08 March 2012 - 12:28 AM

Hi

Everytime i click a google link it redirects me to abnow website. I posted in the 'am i infected what do i do' forum http://www.bleepingcomputer.com/forums/topic445357.html and was then told to take steps 6 to 10 in the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help section. Any help provided will be greatly appreciated :)


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Matthew at 8:04:14 on 2012-03-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3037.1064 [GMT 8:00]
.
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\taskhost.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\vVX3000.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BatteryCare\BatteryCare.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Remote\SimHID.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
"C:\windows\system32\svchost.exe"
C:\Program Files\AVG\AVG9\avgui.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = about:blank
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BatteryCare] c:\program files\batterycare\BatteryCare.exe
uRun: [Adobe Acrobat Synchronizer] "c:\program files\adobe\acrobat 10.0\acrobat\AdobeCollabSync.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\matthew\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\matthew\appdata\roaming\micros~1\windows\startm~1\programs\startup\simhid~1.lnk - c:\program files\remote\SimHID.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to &Teleport - c:\users\matthew\appdata\local\temp\rar$ex36.943\teleport.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{05611C78-6FCA-4C3B-B73D-1C8544511648} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{05611C78-6FCA-4C3B-B73D-1C8544511648}\35E41405 : DhcpNameServer = 130.95.128.2 130.95.128.1
TCP: Interfaces\{05611C78-6FCA-4C3B-B73D-1C8544511648}\E476579756E6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5BC571DD-4CCD-4E7A-8F66-E300A7218069} : NameServer = 130.95.128.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matthew\appdata\roaming\mozilla\firefox\profiles\vgh8xbgt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com.au
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\matthew\appdata\roaming\mozilla\firefox\profiles\vgh8xbgt.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\matthew\appdata\roaming\mozilla\firefox\profiles\vgh8xbgt.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - d8359dd7-fe30-486f-bc6a-d77c63b168e6
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-3-17 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-17 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-17 29712]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-4 176128]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-7-18 181616]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-7 652360]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 181616]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-2-16 909152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-7 20464]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-11-4 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-4 167936]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-11-4 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-4 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 antivirscheduler;SaiNtHid;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 antivirservice;Tversitymediaserver;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 avg7alrt;Netmdsb;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 avg7core;Wbutton;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 avg7rsxp;Kodakccs;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 avgarcln;Ftpqueue;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 avgascln;Sk99202k;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 avgclean;Uim_IM;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 avgems;S116mdm;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 avgio;Portmapper;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 avgntflt;Adsservice;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 avgtdi;Nsm1serd;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 avp;Avc;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 BRGSp50;ASFWHide;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 ca-messagequeuing;BcmSqlStartupSvc;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 clientservice;Oraclesnmppeermasteragent;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CTMSHD;HcwPVRP2;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 DirectUpdate;PhilCam8116_XP;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 DivisCTP;MaxtorFrontPanel1;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 DivisCTS;Cap7134;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 DMUSBUSBDCam;Svchost;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 fssfltr;Fasttraksvc;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]
S2 ikfilesec;Gtndis5;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 ikhlayer;AsDsm;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 lfsfilt;USB_RNDIS;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 LMIRfsDriver;Cpqrcmc;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 LRMINIPORT;ESDCR;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mcafeeantispyware;Wlsetupsvc;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mcafeeframework;DLH5X;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mcpromgr;Icraplus;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mcproxy;Dirms_defragmentation;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mcshield;O2flash;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mcsysmon;Ptserial;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mctaskmanager;Fs_rec;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mcusrmgr;Pnrouter;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mfebopk;Cqmgstor;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mferkdk;Ma763004;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mfesmfk;Dphost;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mirrorv3;Dlaudfam;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mks_scan;Mfehidk;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 navap;Ventrilo;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 navapsvc;Ssm_mdm;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 nod32krn;ZSMC211;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 ofcpfwsvc;CoachVc;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 ofcservice;A016mgmt;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 pavagente;Sentinelprotectionserver;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 pavatscheduler;Prfldsvc;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 pavdrv;Fsma;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 pavfnsvr;Avpnnic;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 pavprsrv;Cisvc;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 pavreport;Iomdisk;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 pctfw1;Sit_bus;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 pctoolsfirewallplus;Anbmservice;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 PEVSystemStart;Vmsprog;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 RalinkRegistryWriter;Pdlnsv25;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 RAPIProtocol;SE2Bmdfl;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 S3GIGP;Iwebmsg;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 SbieDrv;CnxTrUsb;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-3-6 1153368]
S2 sdcoreservice;Wmiaprpl;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 starwindservice;UlSata;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 starwindserviceae;Psimsvc;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 symantecantibotagent;Ntsvcmgr;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 symantecantibotdriver;RR2Vbi;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 TeamViewer;Slee_503_service;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 vet-rec;Iftpsvc;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 veteboot;Asuskeyboardservice;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 webrootcommagentservice;Nfmservice;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 webrootenterpriseclientservice;Upsentry_smart;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 webrootenterpriseupdateservice;Pml;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 ZY202_XP;Pinger;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 167264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-11-5 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-11-5 11104]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-4 171520]
S3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys [2009-8-28 95904]
S3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\drivers\RTL2831UUSB.sys [2009-8-28 32800]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-9 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1343400]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\batterycare\WinRing0.sys [2011-12-2 14416]
.
=============== Created Last 30 ================
.
2012-03-07 06:52:02 -------- d-----w- c:\users\matthew\appdata\roaming\Malwarebytes
2012-03-07 06:51:39 -------- d-----w- c:\programdata\Malwarebytes
2012-03-07 06:51:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 06:51:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-06 15:47:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-06 15:47:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-06 14:59:09 -------- d-----w- c:\users\matthew\appdata\roaming\SpeedyPC Software
2012-03-06 14:59:09 -------- d-----w- c:\users\matthew\appdata\roaming\DriverCure
2012-03-06 14:59:00 -------- d-----w- c:\programdata\SpeedyPC Software
2012-03-06 14:59:00 -------- d-----w- c:\program files\SpeedyPC Software
2012-03-06 13:41:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-06 13:39:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-29 09:23:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-29 09:04:42 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-29 09:04:05 -------- d-sh--w- c:\users\matthew\appdata\local\c4820430
2012-02-29 02:58:12 -------- d-----w- C:\usr
2012-02-23 04:04:48 -------- d-----w- c:\program files\Yontoo
2012-02-23 04:04:45 -------- d-----w- c:\programdata\Tarma Installer
2012-02-18 10:03:43 -------- d-----w- c:\users\matthew\appdata\roaming\EndNote
2012-02-18 10:00:10 -------- d-----w- c:\program files\common files\Risxtd
2012-02-18 10:00:04 -------- d-----w- c:\program files\common files\ResearchSoft
2012-02-18 09:58:25 -------- d-----w- c:\program files\EndNote X5
2012-02-18 09:57:34 -------- d-----w- c:\programdata\Thomson.ResearchSoft.Installers
2012-02-15 01:12:21 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 01:12:12 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 01:12:06 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 01:11:58 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 15:44:52 -------- d-----w- c:\programdata\AVG Secure Search
2012-02-14 15:44:49 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-02-14 15:44:46 -------- d-----w- c:\program files\AVG Secure Search
2012-02-08 07:04:25 224768 ----a-w- c:\windows\system32\schannel.dll
2012-02-08 07:04:25 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-08 07:04:24 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-08 07:04:24 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-08 07:04:24 314880 ----a-w- c:\windows\system32\webio.dll
2012-02-08 07:04:24 22528 ----a-w- c:\windows\system32\lsass.exe
2012-02-08 07:04:24 22016 ----a-w- c:\windows\system32\secur32.dll
2012-02-08 07:04:24 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-08 07:04:24 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-08 07:04:24 100352 ----a-w- c:\windows\system32\sspicli.dll
.
==================== Find3M ====================
.
2012-02-29 09:04:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 8:07:31.95 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:55 PM

Posted 08 March 2012 - 02:42 AM

Hello matthewnguyen15 and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Posted Image textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Edited by SweetTech, 08 March 2012 - 02:43 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 matthewnguyen15

matthewnguyen15
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 08 March 2012 - 12:07 PM

Hi Sweet Tech thanks for your help.

2.

23:04:35.0833 12048 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
23:04:36.0912 12048 ============================================================
23:04:36.0913 12048 Current date / time: 2012/03/08 23:04:36.0912
23:04:36.0913 12048 SystemInfo:
23:04:36.0913 12048
23:04:36.0913 12048 OS Version: 6.1.7601 ServicePack: 1.0
23:04:36.0913 12048 Product type: Workstation
23:04:36.0914 12048 ComputerName: MATTHEWN-LAPTOP
23:04:36.0914 12048 UserName: Matthew
23:04:36.0914 12048 Windows directory: C:\windows
23:04:36.0914 12048 System windows directory: C:\windows
23:04:36.0914 12048 Processor architecture: Intel x86
23:04:36.0914 12048 Number of processors: 2
23:04:36.0914 12048 Page size: 0x1000
23:04:36.0915 12048 Boot type: Normal boot
23:04:36.0915 12048 ============================================================
23:04:38.0560 12048 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:04:39.0214 12048 \Device\Harddisk0\DR0:
23:04:39.0334 12048 MBR used
23:04:39.0335 12048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38BFB800
23:04:39.0675 12048 Initialize success
23:04:39.0675 12048 ============================================================
23:05:46.0133 6500 ============================================================
23:05:46.0133 6500 Scan started
23:05:46.0134 6500 Mode: Manual; SigCheck; TDLFS;
23:05:46.0134 6500 ============================================================
23:05:49.0418 6500 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
23:05:49.0782 6500 1394ohci - ok
23:05:50.0484 6500 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
23:05:50.0543 6500 ACPI - ok
23:05:50.0725 6500 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
23:05:50.0819 6500 AcpiPmi - ok
23:05:51.0216 6500 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
23:05:51.0307 6500 adp94xx - ok
23:05:51.0451 6500 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
23:05:51.0525 6500 adpahci - ok
23:05:51.0674 6500 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
23:05:51.0742 6500 adpu320 - ok
23:05:52.0044 6500 AF15BDA (2854e2e7d18ba46f908ac289cb180d1d) C:\windows\system32\Drivers\AF15BDA.sys
23:05:52.0179 6500 AF15BDA - ok
23:05:52.0339 6500 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
23:05:52.0467 6500 AFD - ok
23:05:52.0692 6500 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
23:05:52.0895 6500 AgereSoftModem - ok
23:05:53.0066 6500 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
23:05:53.0114 6500 agp440 - ok
23:05:53.0280 6500 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
23:05:53.0331 6500 aic78xx - ok
23:05:53.0998 6500 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
23:05:54.0048 6500 aliide - ok
23:05:54.0260 6500 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
23:05:54.0354 6500 amdagp - ok
23:05:54.0505 6500 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
23:05:54.0549 6500 amdide - ok
23:05:54.0687 6500 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
23:05:54.0802 6500 AmdK8 - ok
23:05:54.0939 6500 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
23:05:55.0024 6500 AmdPPM - ok
23:05:55.0171 6500 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
23:05:55.0234 6500 amdsata - ok
23:05:55.0367 6500 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
23:05:55.0441 6500 amdsbs - ok
23:05:55.0579 6500 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
23:05:55.0622 6500 amdxata - ok
23:05:56.0036 6500 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
23:05:56.0265 6500 AppID - ok
23:05:56.0586 6500 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
23:05:56.0639 6500 arc - ok
23:05:56.0766 6500 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
23:05:56.0819 6500 arcsas - ok
23:05:57.0321 6500 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
23:05:57.0531 6500 AsyncMac - ok
23:05:57.0713 6500 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
23:05:57.0757 6500 atapi - ok
23:05:58.0758 6500 atikmdag (c97be8350fbcb1960b22fad2e6c2b514) C:\windows\system32\DRIVERS\atikmdag.sys
23:05:59.0398 6500 atikmdag - ok
23:06:00.0080 6500 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\windows\System32\Drivers\avgldx86.sys
23:06:00.0169 6500 AvgLdx86 - ok
23:06:00.0309 6500 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\windows\System32\Drivers\avgmfx86.sys
23:06:00.0337 6500 AvgMfx86 - ok
23:06:00.0463 6500 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\windows\system32\Drivers\avgrkx86.sys
23:06:00.0499 6500 AvgRkx86 - ok
23:06:00.0658 6500 AvgTdiX (c8146274c463d640cb176ea5f45f9458) C:\windows\System32\Drivers\avgtdix.sys
23:06:00.0713 6500 AvgTdiX ( UnsignedFile.Multi.Generic ) - warning
23:06:00.0713 6500 AvgTdiX - detected UnsignedFile.Multi.Generic (1)
23:06:01.0116 6500 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
23:06:01.0258 6500 b06bdrv - ok
23:06:01.0403 6500 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
23:06:01.0497 6500 b57nd60x - ok
23:06:01.0981 6500 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
23:06:02.0133 6500 Beep - ok
23:06:02.0364 6500 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
23:06:02.0478 6500 blbdrive - ok
23:06:02.0758 6500 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
23:06:02.0819 6500 bowser - ok
23:06:02.0949 6500 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
23:06:03.0052 6500 BrFiltLo - ok
23:06:03.0167 6500 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
23:06:03.0239 6500 BrFiltUp - ok
23:06:03.0421 6500 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
23:06:03.0539 6500 Brserid - ok
23:06:03.0665 6500 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
23:06:03.0760 6500 BrSerWdm - ok
23:06:03.0880 6500 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
23:06:04.0015 6500 BrUsbMdm - ok
23:06:04.0161 6500 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
23:06:04.0261 6500 BrUsbSer - ok
23:06:04.0557 6500 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
23:06:04.0649 6500 BTHMODEM - ok
23:06:05.0464 6500 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
23:06:05.0565 6500 cdfs - ok
23:06:05.0761 6500 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
23:06:05.0853 6500 cdrom - ok
23:06:06.0219 6500 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
23:06:06.0309 6500 circlass - ok
23:06:06.0479 6500 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
23:06:06.0542 6500 CLFS - ok
23:06:06.0858 6500 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
23:06:06.0932 6500 CmBatt - ok
23:06:07.0071 6500 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
23:06:07.0117 6500 cmdide - ok
23:06:07.0284 6500 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
23:06:07.0406 6500 CNG - ok
23:06:07.0617 6500 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
23:06:07.0660 6500 Compbatt - ok
23:06:07.0854 6500 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
23:06:07.0956 6500 CompositeBus - ok
23:06:08.0333 6500 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
23:06:08.0407 6500 crcdisk - ok
23:06:09.0658 6500 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
23:06:09.0763 6500 DfsC - ok
23:06:10.0018 6500 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
23:06:10.0155 6500 discache - ok
23:06:10.0299 6500 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
23:06:10.0344 6500 Disk - ok
23:06:11.0063 6500 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
23:06:11.0139 6500 drmkaud - ok
23:06:11.0523 6500 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
23:06:11.0646 6500 DXGKrnl - ok
23:06:12.0001 6500 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
23:06:12.0283 6500 ebdrv - ok
23:06:12.0733 6500 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
23:06:12.0809 6500 elxstor - ok
23:06:13.0280 6500 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
23:06:13.0357 6500 ErrDev - ok
23:06:13.0587 6500 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
23:06:13.0728 6500 exfat - ok
23:06:13.0927 6500 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
23:06:14.0080 6500 fastfat - ok
23:06:14.0271 6500 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
23:06:14.0352 6500 fdc - ok
23:06:14.0598 6500 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
23:06:14.0656 6500 FileInfo - ok
23:06:14.0843 6500 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
23:06:14.0968 6500 Filetrace - ok
23:06:15.0197 6500 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
23:06:15.0270 6500 flpydisk - ok
23:06:15.0393 6500 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
23:06:15.0434 6500 FltMgr - ok
23:06:15.0708 6500 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
23:06:15.0761 6500 FsDepends - ok
23:06:15.0945 6500 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
23:06:16.0002 6500 Fs_Rec - ok
23:06:16.0207 6500 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
23:06:16.0284 6500 fvevol - ok
23:06:16.0412 6500 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
23:06:16.0465 6500 gagp30kx - ok
23:06:16.0714 6500 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
23:06:16.0742 6500 GEARAspiWDM - ok
23:06:17.0380 6500 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
23:06:17.0475 6500 hcw85cir - ok
23:06:17.0640 6500 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
23:06:17.0749 6500 HdAudAddService - ok
23:06:17.0902 6500 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
23:06:18.0006 6500 HDAudBus - ok
23:06:18.0223 6500 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
23:06:18.0318 6500 HidBatt - ok
23:06:18.0432 6500 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
23:06:18.0545 6500 HidBth - ok
23:06:18.0667 6500 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
23:06:18.0747 6500 HidIr - ok
23:06:18.0919 6500 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
23:06:19.0071 6500 HidUsb - ok
23:06:19.0461 6500 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
23:06:19.0510 6500 HpSAMD - ok
23:06:19.0912 6500 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
23:06:20.0084 6500 HTTP - ok
23:06:20.0226 6500 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
23:06:20.0271 6500 hwpolicy - ok
23:06:20.0470 6500 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
23:06:20.0553 6500 i8042prt - ok
23:06:20.0817 6500 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
23:06:20.0864 6500 iaStor - ok
23:06:21.0009 6500 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
23:06:21.0087 6500 iaStorV - ok
23:06:21.0677 6500 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
23:06:22.0069 6500 igfx - ok
23:06:22.0209 6500 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
23:06:22.0255 6500 iirsp - ok
23:06:22.0827 6500 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys
23:06:23.0327 6500 IntcAzAudAddService - ok
23:06:23.0492 6500 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
23:06:23.0536 6500 intelide - ok
23:06:23.0651 6500 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
23:06:23.0732 6500 intelppm - ok
23:06:24.0119 6500 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
23:06:24.0236 6500 IpFilterDriver - ok
23:06:24.0410 6500 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
23:06:24.0519 6500 IPMIDRV - ok
23:06:24.0632 6500 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
23:06:24.0773 6500 IPNAT - ok
23:06:25.0010 6500 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
23:06:25.0138 6500 IRENUM - ok
23:06:25.0315 6500 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
23:06:25.0379 6500 isapnp - ok
23:06:25.0528 6500 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
23:06:25.0599 6500 iScsiPrt - ok
23:06:26.0200 6500 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
23:06:26.0243 6500 kbdclass - ok
23:06:26.0426 6500 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
23:06:26.0519 6500 kbdhid - ok
23:06:26.0973 6500 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
23:06:27.0006 6500 KSecDD - ok
23:06:27.0099 6500 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
23:06:27.0152 6500 KSecPkg - ok
23:06:27.0707 6500 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
23:06:27.0816 6500 lltdio - ok
23:06:28.0094 6500 LPCFilter (6e3d3816749e107883eec5734ce44493) C:\windows\system32\DRIVERS\LPCFilter.sys
23:06:28.0117 6500 LPCFilter - ok
23:06:28.0277 6500 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
23:06:28.0328 6500 LSI_FC - ok
23:06:28.0442 6500 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
23:06:28.0506 6500 LSI_SAS - ok
23:06:28.0617 6500 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
23:06:28.0671 6500 LSI_SAS2 - ok
23:06:28.0776 6500 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
23:06:28.0829 6500 LSI_SCSI - ok
23:06:28.0965 6500 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
23:06:29.0091 6500 luafv - ok
23:06:30.0041 6500 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\windows\system32\drivers\mbam.sys
23:06:30.0074 6500 MBAMProtector - ok
23:06:30.0284 6500 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\windows\system32\DRIVERS\mcdbus.sys
23:06:30.0345 6500 mcdbus ( UnsignedFile.Multi.Generic ) - warning
23:06:30.0345 6500 mcdbus - detected UnsignedFile.Multi.Generic (1)
23:06:30.0830 6500 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
23:06:30.0871 6500 megasas - ok
23:06:30.0981 6500 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
23:06:31.0029 6500 MegaSR - ok
23:06:31.0614 6500 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
23:06:31.0769 6500 Modem - ok
23:06:31.0917 6500 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
23:06:32.0002 6500 monitor - ok
23:06:32.0200 6500 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
23:06:32.0248 6500 mouclass - ok
23:06:32.0382 6500 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
23:06:32.0486 6500 mouhid - ok
23:06:32.0629 6500 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
23:06:32.0679 6500 mountmgr - ok
23:06:32.0833 6500 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
23:06:32.0889 6500 mpio - ok
23:06:33.0008 6500 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
23:06:33.0136 6500 mpsdrv - ok
23:06:33.0502 6500 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
23:06:33.0634 6500 MRxDAV - ok
23:06:33.0785 6500 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
23:06:33.0893 6500 mrxsmb - ok
23:06:34.0053 6500 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
23:06:34.0143 6500 mrxsmb10 - ok
23:06:34.0283 6500 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
23:06:34.0354 6500 mrxsmb20 - ok
23:06:34.0495 6500 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
23:06:34.0537 6500 msahci - ok
23:06:34.0699 6500 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
23:06:34.0753 6500 msdsm - ok
23:06:34.0907 6500 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
23:06:35.0025 6500 Msfs - ok
23:06:35.0219 6500 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
23:06:35.0370 6500 mshidkmdf - ok
23:06:35.0567 6500 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
23:06:35.0615 6500 msisadrv - ok
23:06:35.0798 6500 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
23:06:35.0941 6500 MSKSSRV - ok
23:06:36.0104 6500 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
23:06:36.0284 6500 MSPCLOCK - ok
23:06:36.0408 6500 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
23:06:36.0559 6500 MSPQM - ok
23:06:36.0683 6500 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
23:06:36.0736 6500 MsRPC - ok
23:06:36.0886 6500 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
23:06:36.0931 6500 mssmbios - ok
23:06:37.0202 6500 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
23:06:37.0339 6500 MSTEE - ok
23:06:37.0453 6500 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
23:06:37.0511 6500 MTConfig - ok
23:06:37.0676 6500 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
23:06:37.0720 6500 Mup - ok
23:06:38.0136 6500 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
23:06:38.0239 6500 NativeWifiP - ok
23:06:38.0582 6500 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
23:06:38.0712 6500 NDIS - ok
23:06:38.0843 6500 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
23:06:38.0979 6500 NdisCap - ok
23:06:39.0185 6500 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
23:06:39.0318 6500 NdisTapi - ok
23:06:39.0461 6500 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
23:06:39.0583 6500 Ndisuio - ok
23:06:39.0721 6500 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
23:06:39.0862 6500 NdisWan - ok
23:06:40.0000 6500 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
23:06:40.0131 6500 NDProxy - ok
23:06:40.0295 6500 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
23:06:40.0442 6500 NetBIOS - ok
23:06:40.0585 6500 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
23:06:40.0731 6500 NetBT - ok
23:06:41.0133 6500 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
23:06:41.0175 6500 nfrd960 - ok
23:06:41.0727 6500 nmwcd (b0a67de1a128389aea4d42c5a56215fd) C:\windows\system32\drivers\ccdcmb.sys
23:06:41.0926 6500 nmwcd - ok
23:06:42.0089 6500 nmwcdc (60ef5f5621d7832f00a3f190a0c905e2) C:\windows\system32\drivers\ccdcmbo.sys
23:06:42.0221 6500 nmwcdc - ok
23:06:42.0412 6500 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
23:06:42.0534 6500 Npfs - ok
23:06:42.0804 6500 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
23:06:42.0939 6500 nsiproxy - ok
23:06:43.0253 6500 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
23:06:43.0425 6500 Ntfs - ok
23:06:43.0668 6500 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
23:06:43.0755 6500 Null - ok
23:06:44.0052 6500 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
23:06:44.0112 6500 nvraid - ok
23:06:44.0277 6500 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
23:06:44.0333 6500 nvstor - ok
23:06:44.0513 6500 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
23:06:44.0568 6500 nv_agp - ok
23:06:45.0153 6500 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
23:06:45.0218 6500 ohci1394 - ok
23:06:46.0251 6500 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
23:06:46.0295 6500 Parport - ok
23:06:46.0433 6500 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
23:06:46.0495 6500 partmgr - ok
23:06:46.0603 6500 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
23:06:46.0684 6500 Parvdm - ok
23:06:47.0193 6500 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
23:06:47.0246 6500 pci - ok
23:06:47.0431 6500 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
23:06:47.0477 6500 pciide - ok
23:06:47.0630 6500 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
23:06:47.0694 6500 pcmcia - ok
23:06:47.0918 6500 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
23:06:47.0969 6500 pcw - ok
23:06:48.0555 6500 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
23:06:48.0729 6500 PEAUTH - ok
23:06:49.0025 6500 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
23:06:49.0127 6500 PGEffect - ok
23:06:49.0751 6500 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
23:06:49.0859 6500 PptpMiniport - ok
23:06:50.0030 6500 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
23:06:50.0108 6500 Processor - ok
23:06:50.0529 6500 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
23:06:50.0673 6500 Psched - ok
23:06:50.0999 6500 pwdrvio (81ac2b3fa0e3b4d7fa03d7463abe2094) C:\windows\system32\pwdrvio.sys
23:06:51.0098 6500 pwdrvio - ok
23:06:51.0272 6500 pwdspio (2d88214f6b54567eab0a6c42915aa600) C:\windows\system32\pwdspio.sys
23:06:51.0377 6500 pwdspio - ok
23:06:51.0838 6500 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
23:06:52.0003 6500 ql2300 - ok
23:06:52.0112 6500 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
23:06:52.0179 6500 ql40xx - ok
23:06:52.0383 6500 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
23:06:52.0460 6500 QWAVEdrv - ok
23:06:52.0741 6500 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
23:06:52.0850 6500 RasAcd - ok
23:06:52.0990 6500 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
23:06:53.0086 6500 RasAgileVpn - ok
23:06:53.0235 6500 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
23:06:53.0374 6500 Rasl2tp - ok
23:06:53.0529 6500 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
23:06:53.0670 6500 RasPppoe - ok
23:06:53.0812 6500 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
23:06:53.0999 6500 RasSstp - ok
23:06:54.0323 6500 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
23:06:54.0443 6500 rdbss - ok
23:06:54.0588 6500 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
23:06:54.0635 6500 rdpbus - ok
23:06:54.0774 6500 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
23:06:54.0900 6500 RDPCDD - ok
23:06:55.0054 6500 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
23:06:55.0182 6500 RDPENCDD - ok
23:06:55.0346 6500 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
23:06:55.0534 6500 RDPREFMP - ok
23:06:55.0696 6500 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
23:06:55.0845 6500 RDPWD - ok
23:06:56.0053 6500 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
23:06:56.0106 6500 rdyboost - ok
23:06:56.0702 6500 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\windows\system32\Drivers\RimUsb.sys
23:06:56.0774 6500 RimUsb - ok
23:06:57.0350 6500 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
23:06:57.0448 6500 rspndr - ok
23:06:57.0600 6500 RSUSBSTOR (ef8b2afc3c0751c5e5a59983c8893260) C:\windows\system32\Drivers\RtsUStor.sys
23:06:57.0701 6500 RSUSBSTOR - ok
23:06:57.0941 6500 RTHDMIAzAudService (72a5515a2031d458dd38e9336594184b) C:\windows\system32\drivers\RtHDMIV.sys
23:06:58.0049 6500 RTHDMIAzAudService - ok
23:06:58.0163 6500 RTL2831UBDA (2519c5373c8ea17aa7576568952c68ca) C:\windows\system32\drivers\RTL2831UBDA.sys
23:06:58.0266 6500 RTL2831UBDA - ok
23:06:58.0432 6500 RTL2831UUSB (1b437e1066138f2ac92ca063ba742c3f) C:\windows\system32\Drivers\RTL2831UUSB.sys
23:06:58.0520 6500 RTL2831UUSB - ok
23:06:58.0692 6500 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys
23:06:58.0838 6500 RTL8167 - ok
23:06:59.0089 6500 rtl8192se (8327c64e9a4d052339c16499d08f7d6c) C:\windows\system32\DRIVERS\rtl8192se.sys
23:06:59.0249 6500 rtl8192se - ok
23:06:59.0432 6500 RtsUIR - ok
23:07:00.0287 6500 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
23:07:00.0325 6500 sbp2port - ok
23:07:00.0625 6500 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
23:07:00.0720 6500 scfilter - ok
23:07:01.0460 6500 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
23:07:01.0591 6500 secdrv - ok
23:07:01.0896 6500 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
23:07:01.0955 6500 Serenum - ok
23:07:02.0094 6500 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
23:07:02.0191 6500 Serial - ok
23:07:02.0357 6500 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
23:07:02.0446 6500 sermouse - ok
23:07:02.0834 6500 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
23:07:02.0923 6500 sffdisk - ok
23:07:03.0053 6500 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
23:07:03.0122 6500 sffp_mmc - ok
23:07:03.0257 6500 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
23:07:03.0337 6500 sffp_sd - ok
23:07:03.0506 6500 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
23:07:03.0597 6500 sfloppy - ok
23:07:04.0105 6500 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
23:07:04.0142 6500 sisagp - ok
23:07:04.0327 6500 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
23:07:04.0366 6500 SiSRaid2 - ok
23:07:04.0441 6500 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
23:07:04.0492 6500 SiSRaid4 - ok
23:07:04.0996 6500 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
23:07:05.0135 6500 Smb - ok
23:07:06.0006 6500 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
23:07:06.0037 6500 spldr - ok
23:07:06.0611 6500 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
23:07:06.0707 6500 srv - ok
23:07:06.0845 6500 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
23:07:06.0922 6500 srv2 - ok
23:07:07.0128 6500 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
23:07:07.0199 6500 srvnet - ok
23:07:07.0358 6500 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\windows\system32\DRIVERS\ssadbus.sys
23:07:07.0398 6500 ssadbus - ok
23:07:07.0546 6500 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\windows\system32\DRIVERS\ssadmdfl.sys
23:07:07.0572 6500 ssadmdfl - ok
23:07:07.0727 6500 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\windows\system32\DRIVERS\ssadmdm.sys
23:07:07.0764 6500 ssadmdm - ok
23:07:07.0909 6500 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\windows\system32\DRIVERS\ssadserd.sys
23:07:07.0946 6500 ssadserd - ok
23:07:08.0582 6500 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
23:07:08.0617 6500 stexstor - ok
23:07:09.0207 6500 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
23:07:09.0251 6500 swenum - ok
23:07:09.0849 6500 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
23:07:09.0888 6500 SynTP - ok
23:07:10.0329 6500 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
23:07:10.0470 6500 Tcpip - ok
23:07:10.0668 6500 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
23:07:10.0794 6500 TCPIP6 - ok
23:07:10.0974 6500 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
23:07:11.0105 6500 tcpipreg - ok
23:07:11.0306 6500 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
23:07:11.0342 6500 tdcmdpst - ok
23:07:11.0534 6500 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
23:07:11.0663 6500 TDPIPE - ok
23:07:11.0837 6500 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
23:07:11.0970 6500 TDTCP - ok
23:07:12.0126 6500 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
23:07:12.0255 6500 tdx - ok
23:07:12.0451 6500 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
23:07:12.0502 6500 TermDD - ok
23:07:13.0474 6500 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
23:07:13.0515 6500 tos_sps32 - ok
23:07:13.0993 6500 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
23:07:14.0108 6500 tssecsrv - ok
23:07:14.0267 6500 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
23:07:14.0364 6500 TsUsbFlt - ok
23:07:14.0565 6500 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
23:07:14.0706 6500 tunnel - ok
23:07:14.0876 6500 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
23:07:14.0905 6500 TVALZ - ok
23:07:15.0012 6500 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
23:07:15.0059 6500 TVALZFL - ok
23:07:15.0320 6500 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
23:07:15.0372 6500 uagp35 - ok
23:07:15.0529 6500 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
23:07:15.0678 6500 udfs - ok
23:07:16.0028 6500 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
23:07:16.0086 6500 uliagpkx - ok
23:07:16.0252 6500 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
23:07:16.0334 6500 umbus - ok
23:07:16.0448 6500 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
23:07:16.0523 6500 UmPass - ok
23:07:16.0874 6500 upperdev (bb16932a4189e82d6c455042c11849b6) C:\windows\system32\DRIVERS\usbser_lowerflt.sys
23:07:16.0971 6500 upperdev - ok
23:07:17.0330 6500 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
23:07:17.0420 6500 USBAAPL - ok
23:07:17.0574 6500 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys
23:07:17.0686 6500 usbaudio - ok
23:07:17.0824 6500 usbbus - ok
23:07:17.0945 6500 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
23:07:18.0069 6500 usbccgp - ok
23:07:18.0178 6500 USBCCID - ok
23:07:18.0352 6500 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
23:07:18.0418 6500 usbcir - ok
23:07:18.0545 6500 UsbDiag - ok
23:07:18.0684 6500 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
23:07:18.0758 6500 usbehci - ok
23:07:18.0932 6500 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
23:07:19.0030 6500 usbhub - ok
23:07:19.0188 6500 USBModem - ok
23:07:19.0291 6500 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
23:07:19.0375 6500 usbohci - ok
23:07:19.0499 6500 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
23:07:19.0586 6500 usbprint - ok
23:07:19.0728 6500 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
23:07:19.0820 6500 usbscan - ok
23:07:19.0985 6500 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\windows\system32\drivers\usbser.sys
23:07:20.0090 6500 usbser - ok
23:07:20.0252 6500 UsbserFilt (e748d50b3b2ec7f40a2ba67fb094cf01) C:\windows\system32\DRIVERS\usbser_lowerfltj.sys
23:07:20.0347 6500 UsbserFilt - ok
23:07:20.0508 6500 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
23:07:20.0631 6500 USBSTOR - ok
23:07:20.0790 6500 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\DRIVERS\usbuhci.sys
23:07:20.0890 6500 usbuhci - ok
23:07:21.0074 6500 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
23:07:21.0132 6500 usbvideo - ok
23:07:21.0896 6500 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
23:07:21.0923 6500 vdrvroot - ok
23:07:22.0116 6500 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
23:07:22.0177 6500 vga - ok
23:07:22.0306 6500 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
23:07:22.0409 6500 VgaSave - ok
23:07:22.0541 6500 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
23:07:22.0576 6500 vhdmp - ok
23:07:22.0775 6500 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
23:07:22.0826 6500 viaagp - ok
23:07:22.0942 6500 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
23:07:22.0999 6500 ViaC7 - ok
23:07:23.0148 6500 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
23:07:23.0174 6500 viaide - ok
23:07:23.0575 6500 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
23:07:23.0599 6500 volmgr - ok
23:07:23.0718 6500 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
23:07:23.0795 6500 volmgrx - ok
23:07:23.0946 6500 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
23:07:24.0017 6500 volsnap - ok
23:07:24.0464 6500 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
23:07:24.0531 6500 vsmraid - ok
23:07:24.0850 6500 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
23:07:24.0931 6500 vwifibus - ok
23:07:25.0071 6500 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
23:07:25.0162 6500 vwififlt - ok
23:07:25.0312 6500 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
23:07:25.0409 6500 vwifimp - ok
23:07:25.0713 6500 VX3000 (b763b9807e6927004916c999fdb44c77) C:\windows\system32\DRIVERS\VX3000.sys
23:07:25.0948 6500 VX3000 - ok
23:07:26.0539 6500 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
23:07:26.0605 6500 WacomPen - ok
23:07:26.0820 6500 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
23:07:26.0954 6500 WANARP - ok
23:07:26.0981 6500 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
23:07:27.0137 6500 Wanarpv6 - ok
23:07:27.0487 6500 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
23:07:27.0521 6500 Wd - ok
23:07:27.0676 6500 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
23:07:27.0765 6500 Wdf01000 - ok
23:07:28.0469 6500 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
23:07:28.0562 6500 WfpLwf - ok
23:07:28.0853 6500 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
23:07:28.0898 6500 WIMMount - ok
23:07:29.0446 6500 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Program Files\BatteryCare\WinRing0.sys
23:07:29.0561 6500 WinRing0_1_2_0 - ok
23:07:29.0880 6500 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
23:07:29.0971 6500 WinUsb - ok
23:07:30.0528 6500 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
23:07:30.0599 6500 WmiAcpi - ok
23:07:31.0090 6500 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
23:07:31.0223 6500 ws2ifsl - ok
23:07:31.0540 6500 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
23:07:31.0688 6500 WudfPf - ok
23:07:31.0869 6500 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
23:07:31.0990 6500 WUDFRd - ok
23:07:32.0612 6500 xusb21 (c26c68bcbac1f33f890c226769759209) C:\windows\system32\DRIVERS\xusb21.sys
23:07:32.0702 6500 xusb21 - ok
23:07:33.0876 6500 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
23:07:34.0041 6500 \Device\Harddisk0\DR0 - ok
23:07:34.0086 6500 Boot (0x1200) (c9662b7a7002e0ea462f87abf95f32af) \Device\Harddisk0\DR0\Partition0
23:07:34.0089 6500 \Device\Harddisk0\DR0\Partition0 - ok
23:07:34.0094 6500 ============================================================
23:07:34.0094 6500 Scan finished
23:07:34.0094 6500 ============================================================
23:07:34.0146 4664 Detected object count: 2
23:07:34.0146 4664 Actual detected object count: 2
23:13:54.0571 4664 AvgTdiX ( UnsignedFile.Multi.Generic ) - skipped by user
23:13:54.0571 4664 AvgTdiX ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:13:54.0579 4664 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
23:13:54.0579 4664 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:14:08.0443 7388 Deinitialize success

#4 matthewnguyen15

matthewnguyen15
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 08 March 2012 - 12:09 PM

3.

Farbar Service Scanner Version: 01-03-2012
Ran by Matthew (administrator) on 08-03-2012 at 23:27:49
Running from "C:\Users\Matthew\Downloads\bleeping computer"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#5 matthewnguyen15

matthewnguyen15
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 08 March 2012 - 12:25 PM

4. The OLT log was too big to post or upload what should i do?

OTL Extras logfile created on: 3/8/2012 11:35:14 PM - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Matthew\Downloads\bleeping computer
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.97 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.31% Memory free
5.93 Gb Paging File | 4.20 Gb Available in Paging File | 70.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.99 Gb Total Space | 24.30 Gb Free Space | 5.35% Space Free | Partition Type: NTFS
Drive E: | 34.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MATTHEWN-LAPTOP | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1821311379-1043337135-4014153460-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 29
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D911CA4-D8A8-468E-8141-3BEEB9010901}" = SimHID Setup
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.0.4
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{601E6234-EC57-0948-6E33-7F2339EC5AA1}" = ATI Catalyst Install Manager
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1" = BatteryCare 0.9.9.0
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CC6ECC37-F908-4575-D549-3E0F1084B2B3}" = ccc-utility
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE59B901-18EA-4CB9-ADE4-291BF5C1E12E}_is1" = MiniTool Partition Wizard Home Edition 7.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Movie Shrink & Burn 2_is1" = Ashampoo Movie Shrink & Burn 2.21
"AVG9Uninstall" = AVG 9.0
"Basketball Playbook 010_is1" = Basketball Playbook 010
"C57EF7F1534C45E0A0C73702FFAACC057CFF6651" = Windows Driver Package - LAKO (mod7700) Media (08/23/2007 2.3.3.4)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON TX110 Series" = EPSON TX110 Series Printer Uninstall
"Forex Supersonic - Advanced" = Forex Supersonic - Advanced
"FrostWire" = FrostWire 4.21.1
"FXPRIMUS - MetaTrader 4 Platform" = FXPRIMUS - MetaTrader 4 Platform
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LimeWire" = LimeWire 5.5.16
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"PhotoStage" = PhotoStage Slideshow Producer
"Plants vs. Zombies" = Plants vs. Zombies
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"PROHYBRIDR" = 2007 Microsoft Office system
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SopCast" = SopCast 3.2.9
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WorldUnlock Codes Calculator" = WorldUnlock Codes Calculator

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1821311379-1043337135-4014153460-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6 matthewnguyen15

matthewnguyen15
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 08 March 2012 - 12:27 PM

5. My computer is running slower than it normally would. Google is still redirecting to abnow :angry:
Thankyou again for your help

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:55 PM

Posted 09 March 2012 - 12:34 AM

Good Evening matthewnguyen15!

Not a problem! I'm glad to be of assistance! :)

From the looks of your logs it looks like the infection has damaged some entries in the registry. We'll have to address those later.

Can you please try and zip up the OTL.txt log and then attach it, and see if it'll allow you to do that?

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 matthewnguyen15

matthewnguyen15
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 09 March 2012 - 10:57 PM

Hopefully this works

Attached Files

  • Attached File  OTL.zip   109.13KB   7 downloads


#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:55 PM

Posted 10 March 2012 - 01:39 AM

Good Evening matthewnguyen15!

Yes, that did work! I was able to open the file successfully.

Thanks for attaching it. :)

Before we get started we need to disable TeaTimer, as it'll get in our way while running the fixes.

Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


NEXT:



You're severely infected by ZeroAccess. It looks like it has a ton of malicious files.

Please run this utility:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 matthewnguyen15

matthewnguyen15
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 10 March 2012 - 10:37 AM

Ok so after combofix scan the abnow virus appears to be gone. Please find the attached log. How can i make sure i don't become infected with this virus again? any specific virus protection i can use?

Attached Files



#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:55 PM

Posted 12 March 2012 - 07:59 AM

Good Morning matthewnguyen15!

Apologizes for the delay, I've had some connection issues lately.

How can i make sure i don't become infected with this virus again? any specific virus protection i can use?

We'll address this a little later, but we still have some work to do.

You have some values in your registry that are corrupted, I'm going to provide you with instructions for replacing them with the default entries manually.

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup-exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


NEXT:



Please press the Windows key + R.

This should display the Run Dialog box.

Type in regedit

You'll see a User Account Control warning pop-up asking for Administrator Rights. Please select Yes, when it prompts you.


In the Registry Editor, navigate to the following key (the small folder icons) - use the "+" symbols in the left panel to expand the tree entries:

HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost

In the right panel under Name, locate the following:

NETSVCS

Right click on that, and select Modify. When that display opens you will see a long list of names.

Please Copy the contents of the code box below and then in the Edit Multi-String window right click and choose Select All followed by Ctrl + V which should paste the contents below into the Edit Multi-String window for us. After you do that please click on OK to close out of the Multi-String window.

AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
Reboot your computer, and then run a new scan with ComboFix. Please be sure to provide me with the new ComboFix log.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 matthewnguyen15

matthewnguyen15
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 12 March 2012 - 08:31 AM

Hey sweet tech

When running step 3

"Next click on "OK"... at the prompt... reply "Yes".
After a short duration the Registry backup is complete! pop-up message will appear"

I get the error message

"The contents of this folder C:\windows\ERDNT\3-12-2012 could not be completely deleted"

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:55 PM

Posted 12 March 2012 - 11:50 PM

Hi!

Could you please see if you can try to create a new back-up and then see if it's able to complete successfully?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 matthewnguyen15

matthewnguyen15
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 13 March 2012 - 07:26 PM

I managed to ceate a back up registry and then i edited the registry. After rebooting the computer i ran combofix, the log is attached.

Attached Files



#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:55 PM

Posted 14 March 2012 - 09:22 AM

Hi!

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
DirLook::
c:\windows\system32\%APPDATA%
c:\users\Matthew\AppData\Local\c4820430

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users