Trojans, MyWebSearch Infection and Redirects in IE


  • This topic is locked
22 replies to this topic

#1 protrader71

  • Members
  • 28 posts

Posted 26 May 2012 - 10:34 PM

Hello,

I recently posted about an infection on my PC and the BleepingComputer tech helped get everything working again. This time my mother's laptop has been completely swamped with malware. I ran MalwareBytes (MBAM) and found 112 infections on her laptop. There were 3 trojans in a previous scan (I don't have the names of those). But as for the scan with 112 infected objects, "pup.mywebsearch" appeared with all of them. While MBAM cleaned those up, Internet Explorer is totally corrupted. Every time I open it up, it opens several tabs to some random website; before they can all finish opening, IE crashes. Firefox appears to be OK at the moment.

I ran the preliminary programs as per the guidelines. I'm attaching the DDS and Attach files as well as the log from GMER. I should note that she has an old version of AVG and I was only able to disable the Resident Shield; I could not disable the antivirus part of AVG during those scans. I debated upgrading the AVG just so I could disable all the AVG functions, or uninstalling AVG while I work to correct this issue.

Once again I want to thank everyone associated with BleepingComputer; this is a fantastic site/forum. Please advise how to proceed from here. If you have any questions (or would like to see the MBAM log with all the infections before they were quarantined, I can share that log), feel free to ask.

Thanks in advance
protrader71

----
DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Paulette R at 20:49:49 on 2012-05-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1534 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\atashost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^UX^xdm002^S00828^us&ptb=10A112F8-ACC2-4D1B-A8B5-1D001AC778C9&si=CIvSvpTKv68CFQ1U7Aod_wLEwA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.1852\swg.dll
BHO: RewardsArcadeSuite: {b6ef6c45-5e8d-4c3b-b580-a5073261a381} - c:\program files\rewardsarcadesuite\RewardsArcadeSuite.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - c:\program files\mapsgalaxy_39\bar\1.bin\39bar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Skytel] Skytel.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{5299EDC5-C09C-495E-ABB6-F6BDA5F81CBD} : DhcpNameServer = 207.69.188.186 207.69.188.187
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\paulette ridley\appdata\roaming\mozilla\firefox\profiles\3gm09w2e.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B86ad44a2-7bb5-41bc-a54e-7d8a475b28d1%7D&mid=4a00eeb79d216f2bfc37883ba51cd07b-65f0cc09e22a6d7bf9a83e44ea2cb1337f2950a1&ds=AVG&v=10.2.0.3&lang=us&pr=fr&d=2011-12-16%2020%3A39%3A10&sap=ku&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\avg secure search\10.2.0.3
FF - Ext: MapsGalaxy: 39ffxtbr@MapsGalaxy_39.com - c:\program files\mapsgalaxy_39\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-19 29712]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-19 243152]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-11 20384]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-7-27 20376]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-17 654408]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-16 918880]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-17 22344]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-28 167264]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-21 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-11 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-07 22:35:05 -------- d-----w- c:\programdata\MFAData
2012-04-27 19:40:34 -------- d-----w- c:\users\paulette ridley\appdata\local\IAC
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-01 14:46:01 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-01 14:46:01 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:08:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-29 13:44:50 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-29 13:41:40 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 20:50:20.41 ===============


Attach Log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/11/2009 11:17:15 AM
System Uptime: 5/26/2012 6:40:02 PM (2 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 160.141 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Amazon Links
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
AVG Free 9.0
Camera Assistant Software for Toshiba
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Chica Password Manager 1.10.0.6
Cisco Connect
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco Network Magic
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
DVD MovieFactory for TOSHIBA
File Type Assistant
Free File Viewer 2011
Freeze.com NetAssistant
Google Desktop
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Inbox Toolbar
InstallIQ Updater
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ 6 Update 6
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office XP Professional
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
National Audubon Screensaver
NetAssistant
Network Magic
NetZero Internet Access Installer
Picasa 2
Pure Networks Platform
QuickBooks Financial Center
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RewardsArcadeSuite
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skype Toolbars
Skype™ 4.2
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WebEx Support Manager for Internet Explorer
WildTangent Games
Windows Media Encoder 9 Series
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/26/2012 8:22:57 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.33.100 for the Network Card with network address 0024D23B72ED has been denied by the DHCP server 192.168.33.1 (The DHCP Server sent a DHCPNACK message).
5/26/2012 7:05:30 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user PauletteRidl-PC\Paulette Ridley SID (S-1-5-21-1990609593-3534744734-3468119329-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/26/2012 6:57:04 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.33.110 for the Network Card with network address 0024D23B72ED has been denied by the DHCP server 192.168.33.1 (The DHCP Server sent a DHCPNACK message).
5/26/2012 5:09:12 PM, Error: EventLog [6008] - The previous system shutdown at 5:07:10 PM on 5/26/2012 was unexpected.
5/26/2012 4:49:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the W32Time service.
5/26/2012 4:48:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
5/22/2012 6:21:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
.
==== End Of File ===========================


GMER Log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-26 23:06:28
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO
Running: gbhqjb2q.exe; Driver: C:\Users\PAULET~1\AppData\Local\Temp\kxxyipog.sys


---- Kernel code sections - GMER 1.0.15 ----

? System32\drivers\vvolcqln.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A556480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A597900, 0x3CA, 0x48000040]
? C:\Users\PAULET~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
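The triage that the Malware Response Team does by eye on the DDS "Pseudo HJT Report" and GMER output above can be scripted. The Python below is an added example written for this page; it is not code from the original post, from DDS, or from GMER. It assumes an indicator list (PUP_INDICATORS) built only from the component names that appear in this log, which is an assumption for illustration rather than a maintained signature set, and it runs over a constructed sample of log lines copied in the shape of the post's report. It flags four things a responder looks for: a start page or default search engine pointing at a known PUP, browser components (BHOs, toolbars, URL search hooks, protocol handlers, Firefox extensions) whose name or path matches an indicator, registrations that point at "No File", and GMER "?" lines where a referenced driver has no file on disk.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicator list ASSUMED for this illustration: substrings taken from component
# names and paths in the DDS log above. It is not an authoritative PUP signature set.
PUP_INDICATORS = (
    "mywebsearch", "my web search", "inboxt", "inbox toolbar",
    "netassistant", "freeze.com", "rewardsarcadesuite", "mapsgalaxy",
)

# DDS keys whose value (a URL or search-engine name) the user, not an installer,
# should control. "u" prefix = per-user (HKCU), "m" prefix = machine-wide (HKLM).
HOMEPAGE_KEYS = (
    "uStart Page", "mStart Page", "uDefault_Page_URL", "mDefault_Page_URL",
    "uSearch Bar", "FF - prefs.js: browser.startup.homepage",
    "FF - prefs.js: browser.search.selectedEngine", "FF - prefs.js: keyword.URL",
)

# DDS keys that load a DLL or extension into the browser: BHOs, toolbars,
# URL search hooks, protocol handlers, Firefox extensions.
COMPONENT_RE = re.compile(
    r"^(?P<kind>BHO|TB|uURLSearchHooks|mURLSearchHooks|Handler|FF - Ext):\s*(?P<body>.+)$"
)
# GMER prints "? <path> The system cannot find ..." when a driver is referenced
# but the file is not present on disk.
GMER_MISSING_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+The system cannot find")

# Constructed sample in the shape of the DDS Pseudo HJT Report and GMER output above.
SAMPLE_LOG = r"""
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RewardsArcadeSuite: {b6ef6c45-5e8d-4c3b-b580-a5073261a381} - c:\program files\rewardsarcadesuite\RewardsArcadeSuite.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - c:\program files\mapsgalaxy_39\bar\1.bin\39bar.dll
FF - prefs.js: browser.search.selectedEngine - My Web Search
? System32\drivers\vvolcqln.sys The system cannot find the path specified. !
"""


@dataclass(frozen=True)
class Finding:
    category: str  # hijacked_setting | pup_component | orphaned_entry | missing_driver_file
    subject: str   # setting key, component name, or driver path
    detail: str    # value or file path that triggered the finding


def _matches_pup(text: str) -> bool:
    low = text.lower()
    return any(ind in low for ind in PUP_INDICATORS)


def triage_dds(log_text: str) -> list[Finding]:
    """Walk DDS/GMER lines and return the entries a responder would act on."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        key = next((k for k in HOMEPAGE_KEYS if line.startswith(k)), None)
        if key is not None:
            # IE keys are written "key = value", Firefox prefs "key - value".
            value = line[len(key):].strip().lstrip("=-").strip()
            if _matches_pup(value):
                findings.append(Finding("hijacked_setting", key, value))
            continue

        m = COMPONENT_RE.match(line)
        if m:
            name_part, _, path = m["body"].rpartition(" - ")
            subject = name_part.split(":", 1)[0].strip()
            if path == "No File":
                # Registration survives but the DLL is gone (partial uninstall or
                # a scanner's quarantine): the registry entry itself needs removing.
                findings.append(Finding("orphaned_entry", subject, path))
            elif _matches_pup(name_part) or _matches_pup(path):
                findings.append(Finding("pup_component", subject, path))
            continue

        m = GMER_MISSING_RE.match(line)
        if m:
            findings.append(Finding("missing_driver_file", m["path"], line))

    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LOG):
        print(f"{f.category:20} {f.subject:32} {f.detail}")
    print(summarize(triage_dds(SAMPLE_LOG)))
```

Two caveats when reading the output against a real log. A "No File" entry is not itself malicious, but it is what a hijacker looks like after an on-demand scanner has deleted the DLL and left the registration behind, so those entries are worth cleaning up together with the live components. GMER also drops its own helper driver under the user's Temp directory while scanning, so a missing-file hit there (the mbr.sys line in the log above) is normally the scanner's own and should be discounted before it is reported as a rootkit artifact.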



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 May 2012 - 06:29 AM

Hello and Welcome back to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 protrader71

  • Topic Starter
  • Members
  • 28 posts

Posted 27 May 2012 - 04:49 PM

Hello Gringo, you helped me with my PC probs a couple of weeks ago. Now I'm working on my mother's laptop. I ran the Security Check and ComboFix programs. I didn't have any problem running either of those progs. Afterwards, I opened up the IE browser and still incurred problems. It looked like it was trying to open up to "mywebsearch", but before doing so an error message would pop up, and as soon as I tried to close it, it would start the whole process over and over again. It took a couple of minutes just to finally close IE down. I then tried to post this info using her Firefox browser; however, when I started this message and was copying and pasting the logs, the scroll bar over to the right just kept scrolling down all the way to the bottom. I would move it back to the top and it wouldn't allow me to type in the reply box; it immediately starts scrolling down to the bottom of the page. Very strange, not sure if that is virus related or her mouse is acting up with her laptop. If you have any questions, please feel free to ask. Thanks!

Here are the logs:
Results of screen317's Security Check version 0.99.38
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Anti-Virus Free
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner (remove only)
Java™ 6 Update 6
Java version out of date!
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (3.0.19) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


ComboFix 12-05-27.02 - Paulette R 05/27/2012 17:15:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1952 [GMT -4:00]
Running from: c:\users\Paulette R\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Paulette R\Documents\~WRL0101.tmp
c:\users\Paulette R\Documents\~WRL0250.tmp
c:\users\Paulette R\Documents\~WRL0252.tmp
c:\users\Paulette R\Documents\~WRL0456.tmp
c:\users\Paulette R\Documents\~WRL1098.tmp
c:\users\Paulette R\Documents\~WRL1446.tmp
c:\users\Paulette R\Documents\~WRL3222.tmp
c:\users\Paulette R\Documents\~WRL3250.tmp
c:\users\Paulette R\Documents\~WRL3558.tmp
c:\users\Paulette R\Documents\~WRL3950.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 21:20 . 2012-05-27 21:20 -------- d-----w- c:\users\Paulette R\AppData\Local\temp
2012-05-27 21:20 . 2012-05-27 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 22:35 . 2012-05-07 22:35 -------- d-----w- c:\programdata\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2012-04-17 21:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 07:02 . 2012-03-29 07:02 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-29 07:02 . 2012-03-29 07:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-29 07:02 . 2012-03-29 07:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-29 07:02 . 2012-03-29 07:02 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-29 07:02 . 2012-03-29 07:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-29 07:02 . 2012-03-29 07:02 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-29 07:02 . 2012-03-29 07:02 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-29 07:02 . 2012-03-29 07:02 367104 ----a-w- c:\windows\system32\html.iec
2012-03-29 07:02 . 2012-03-29 07:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-29 07:02 . 2012-03-29 07:02 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-29 07:02 . 2012-03-29 07:02 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-29 07:02 . 2012-03-29 07:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-29 07:02 . 2012-03-29 07:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-29 07:02 . 2012-03-29 07:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-29 07:02 . 2012-03-29 07:02 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-29 07:02 . 2012-03-29 07:02 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-29 07:02 . 2012-03-29 07:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-29 15:11 . 2012-04-12 07:10 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 07:10 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 07:10 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 07:10 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-12 07:12 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:12 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:12 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-05 20:41 . 2011-02-05 20:41 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-17 01:09 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-17 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-31 2077536]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-17 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-11 928096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 18:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-02-05 20:41 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-10-11 17:49 1179648 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 23:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-11 16:11 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-02-01 19:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^UX^xdm002^S00828^us&ptb=10A112F8-ACC2-4D1B-A8B5-1D001AC778C9&si=CIvSvpTKv68CFQ1U7Aod_wLEwA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 207.69.188.186 207.69.188.187
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Paulette R\AppData\Roaming\Mozilla\Firefox\Profiles\3gm09w2e.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B86ad44a2-7bb5-41bc-a54e-7d8a475b28d1%7D&mid=4a00eeb79d216f2bfc37883ba51cd07b-65f0cc09e22a6d7bf9a83e44ea2cb1337f2950a1&ds=AVG&v=10.2.0.3&lang=us&pr=fr&d=2011-12-16%2020%3A39%3A10&sap=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG9\Firefox
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\AVG Secure Search\10.2.0.3
FF - Ext: MapsGalaxy: 39ffxtbr@MapsGalaxy_39.com - c:\program files\MapsGalaxy_39\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
MSConfigStartUp-MapsGalaxy Search Scope Monitor - c:\progra~1\MAPSGA~2\bar\1.bin\39srchmn.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-27 17:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????? ?m??h?????????????????
.
scanning hidden files ...
.
.
c:\users\PAULET~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-05-27 17:21:51
ComboFix-quarantined-files.txt 2012-05-27 21:21
.
Pre-Run: 173,194,104,832 bytes free
Post-Run: 173,133,623,296 bytes free
.
- - End Of File - - C3C22536A58A5A7D91CAFC8F0FBF20E7
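
The persistence points ComboFix reports above (the Run keys, the BHO CLSID, AppInit_DLLs, the msconfig startupreg entries, the scheduled task, the hijacked uStart Page and the Firefox prefs and extensions) are what a responder reads first. The script below is an added example for this page, not ComboFix's own code and not posted by anyone in the thread: it parses those sections of a ComboFix log and flags load points that name the unwanted software visible in this log (MyWebSearch, MapsGalaxy, W3i/InstallIQ). The indicator list and the condensed sample excerpt are constructed for the example, and the regular expressions cover the line shapes seen in this log and nothing more.

```python
"""Triage the persistence sections of a ComboFix log (added example, not
ComboFix's code; the indicator list and SAMPLE_LOG are constructed here)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lower-case substrings taken from the unwanted product names in the log above.
PUP_INDICATORS = ("mywebsearch", "my web search", "mapsgalaxy", "w3i", "installiq")


@dataclass
class LoadPoint:
    kind: str        # run, bho, startupreg, task, appinit, startpage, ff-pref, ff-ext
    name: str        # value name, CLSID, task file, pref name or extension name
    target: str      # image path, DLL or URL
    suspicious: bool


# Block openers: following lines belong to this key until the next '[' line.
RUN_KEY_RE = re.compile(r"^\[(HK[^\]]+\\Run)\]$", re.I)
BHO_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-F-]+\})\]$", re.I)
STARTUPREG_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\([^\]]+)\]$", re.I)
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (c:\\windows\\Tasks\\\S+)$", re.I)
# Lines that carry the target inside a block.
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')                                # "Name"="path" [date size]
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")    # date time size attrs path
TASK_IMAGE_RE = re.compile(r"^- (\S.*?) \[")                                  # - path [date time]
# Single-line load points.
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.+)$')
START_PAGE_RE = re.compile(r"^([um])Start Page = (.+)$")                      # u = user hive, m = machine hive
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
FF_EXT_RE = re.compile(r"^FF - Ext: ([^:]+): \S+ - (.+)$")


def is_suspicious(name: str, target: str) -> bool:
    haystack = f"{name} {target}".lower()
    return any(ind in haystack for ind in PUP_INDICATORS)


def parse_combofix(text: str) -> list[LoadPoint]:
    """Return every load point found, in log order."""
    points: list[LoadPoint] = []
    context = None   # (kind, name) of the block we are inside, or None
    def add(kind: str, name: str, target: str) -> None:
        points.append(LoadPoint(kind, name, target, is_suspicious(name, target)))
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := RUN_KEY_RE.match(line):
            context = ("run", m.group(1)); continue
        if m := BHO_KEY_RE.match(line):
            context = ("bho", m.group(1)); continue
        if m := STARTUPREG_RE.match(line):
            context = ("startupreg", m.group(1)); continue
        if m := TASK_RE.match(line):
            context = ("task", m.group(1)); continue
        if line.startswith("["):
            context = None   # any other key ends the current block
        if context:
            kind, name = context
            if kind == "run" and (m := VALUE_RE.match(line)):
                add(kind, m.group(1), m.group(2)); continue
            if kind in ("bho", "startupreg") and (m := FILE_RE.match(line)):
                add(kind, name, m.group(1)); context = None; continue
            if kind == "task" and (m := TASK_IMAGE_RE.match(line)):
                add(kind, name, m.group(1)); context = None; continue
        if m := APPINIT_RE.match(line):
            add("appinit", "AppInit_DLLs", m.group(1)); continue
        if m := START_PAGE_RE.match(line):
            add("startpage", "user" if m.group(1) == "u" else "machine", m.group(2)); continue
        if m := FF_PREF_RE.match(line):
            add("ff-pref", m.group(1), m.group(2)); continue
        if m := FF_EXT_RE.match(line):
            add("ff-ext", m.group(1), m.group(2)); continue
    return points


def triage(text: str) -> list[LoadPoint]:
    """Only the load points that match a PUP indicator."""
    return [p for p in parse_combofix(text) if p.suspicious]


# Constructed excerpt in ComboFix's line format, condensed from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-17 01:09 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-10-11 17:49 1179648 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
2012-05-27 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-02-01 19:24]
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - Ext: MapsGalaxy: 39ffxtbr@MapsGalaxy_39.com - c:\program files\MapsGalaxy_39\bar\1.bin
"""

if __name__ == "__main__":
    for p in triage(SAMPLE_LOG):
        print(f"{p.kind:10} {p.name:32} -> {p.target}")
```

Run it as-is to see the four flagged entries from the excerpt, or pass the full text of a saved ComboFix log to `triage()`. Matching is a substring test on the entry name and target, so a renamed binary or an unfamiliar toolbar would not be caught; treat a clean result as "nothing recognised", not as "nothing there", and still read the unflagged Run, BHO and AppInit_DLLs entries by hand.
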

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 May 2012 - 08:15 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 protrader71

  • Topic Starter

  • Members
  • 28 posts

Posted 27 May 2012 - 09:43 PM

Gringo, here are the logs from the TDSSKiller and aswMBR progs.

22:20:50.0144 5896 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
22:20:50.0441 5896 ============================================================
22:20:50.0441 5896 Current date / time: 2012/05/27 22:20:50.0441
22:20:50.0441 5896 SystemInfo:
22:20:50.0441 5896
22:20:50.0441 5896 OS Version: 6.0.6002 ServicePack: 2.0
22:20:50.0441 5896 Product type: Workstation
22:20:50.0441 5896 ComputerName: PAULETTERIDL-PC
22:20:50.0441 5896 UserName: Paulette R
22:20:50.0441 5896 Windows directory: C:\Windows
22:20:50.0441 5896 System windows directory: C:\Windows
22:20:50.0441 5896 Processor architecture: Intel x86
22:20:50.0441 5896 Number of processors: 2
22:20:50.0441 5896 Page size: 0x1000
22:20:50.0441 5896 Boot type: Normal boot
22:20:50.0441 5896 ============================================================
22:20:50.0971 5896 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:20:50.0971 5896 ============================================================
22:20:50.0971 5896 \Device\Harddisk0\DR0:
22:20:50.0971 5896 MBR partitions:
22:20:50.0971 5896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1C059800
22:20:50.0971 5896 ============================================================
22:20:51.0018 5896 C: <-> \Device\Harddisk0\DR0\Partition0
22:20:51.0018 5896 ============================================================
22:20:51.0018 5896 Initialize success
22:20:51.0018 5896 ============================================================
22:20:57.0258 5932 ============================================================
22:20:57.0258 5932 Scan started
22:20:57.0258 5932 Mode: Manual;
22:20:57.0258 5932 ============================================================
22:20:57.0804 5932 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:20:57.0804 5932 ACPI - ok
22:20:58.0147 5932 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:20:58.0163 5932 adp94xx - ok
22:20:58.0303 5932 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:20:58.0319 5932 adpahci - ok
22:20:58.0350 5932 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:20:58.0350 5932 adpu160m - ok
22:20:58.0381 5932 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:20:58.0397 5932 adpu320 - ok
22:20:58.0444 5932 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
22:20:58.0444 5932 AeLookupSvc - ok
22:20:58.0615 5932 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:20:58.0631 5932 AFD - ok
22:20:58.0693 5932 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
22:20:58.0693 5932 AgereModemAudio - ok
22:20:58.0880 5932 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
22:20:58.0912 5932 AgereSoftModem - ok
22:20:58.0958 5932 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:20:58.0974 5932 agp440 - ok
22:20:58.0990 5932 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:20:58.0990 5932 aic78xx - ok
22:20:59.0052 5932 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
22:20:59.0052 5932 ALG - ok
22:20:59.0114 5932 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:20:59.0114 5932 aliide - ok
22:20:59.0270 5932 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:20:59.0302 5932 amdagp - ok
22:20:59.0333 5932 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:20:59.0333 5932 amdide - ok
22:20:59.0348 5932 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:20:59.0348 5932 AmdK7 - ok
22:20:59.0380 5932 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:20:59.0380 5932 AmdK8 - ok
22:20:59.0426 5932 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
22:20:59.0442 5932 Appinfo - ok
22:20:59.0489 5932 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:20:59.0489 5932 arc - ok
22:20:59.0520 5932 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:20:59.0520 5932 arcsas - ok
22:20:59.0551 5932 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:20:59.0551 5932 AsyncMac - ok
22:20:59.0567 5932 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
22:20:59.0567 5932 atapi - ok
22:20:59.0614 5932 atashost (40767b965a8d575d794f1f95e2e017e9) C:\Windows\system32\atashost.exe
22:20:59.0614 5932 atashost - ok
22:20:59.0972 5932 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
22:20:59.0988 5932 athr - ok
22:21:00.0097 5932 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:21:00.0097 5932 AudioEndpointBuilder - ok
22:21:00.0113 5932 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:21:00.0113 5932 Audiosrv - ok
22:21:00.0440 5932 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
22:21:00.0440 5932 AVG Security Toolbar Service - ok
22:21:00.0503 5932 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
22:21:00.0518 5932 avg9wd - ok
22:21:00.0674 5932 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
22:21:00.0674 5932 AvgLdx86 - ok
22:21:00.0752 5932 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\Windows\System32\Drivers\avgmfx86.sys
22:21:00.0752 5932 AvgMfx86 - ok
22:21:00.0940 5932 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\System32\Drivers\avgtdix.sys
22:21:00.0940 5932 AvgTdiX - ok
22:21:01.0002 5932 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:21:01.0002 5932 Beep - ok
22:21:01.0064 5932 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
22:21:01.0064 5932 BFE - ok
22:21:01.0423 5932 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
22:21:01.0439 5932 BITS - ok
22:21:01.0470 5932 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:21:01.0470 5932 blbdrive - ok
22:21:01.0564 5932 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:21:01.0564 5932 bowser - ok
22:21:01.0579 5932 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:21:01.0579 5932 BrFiltLo - ok
22:21:01.0595 5932 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:21:01.0595 5932 BrFiltUp - ok
22:21:01.0626 5932 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
22:21:01.0626 5932 Browser - ok
22:21:01.0673 5932 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:21:01.0673 5932 Brserid - ok
22:21:01.0704 5932 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:21:01.0704 5932 BrSerWdm - ok
22:21:01.0720 5932 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:21:01.0720 5932 BrUsbMdm - ok
22:21:01.0735 5932 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:21:01.0735 5932 BrUsbSer - ok
22:21:01.0766 5932 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:21:01.0766 5932 BTHMODEM - ok
22:21:01.0860 5932 catchme - ok
22:21:01.0876 5932 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:21:01.0876 5932 cdfs - ok
22:21:01.0954 5932 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:21:01.0954 5932 cdrom - ok
22:21:02.0000 5932 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:21:02.0000 5932 CertPropSvc - ok
22:21:02.0032 5932 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:21:02.0032 5932 circlass - ok
22:21:02.0094 5932 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:21:02.0094 5932 CLFS - ok
22:21:02.0188 5932 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:21:02.0188 5932 clr_optimization_v2.0.50727_32 - ok
22:21:02.0328 5932 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:21:02.0328 5932 clr_optimization_v4.0.30319_32 - ok
22:21:02.0390 5932 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:21:02.0390 5932 CmBatt - ok
22:21:02.0406 5932 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:21:02.0406 5932 cmdide - ok
22:21:02.0422 5932 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:21:02.0422 5932 Compbatt - ok
22:21:02.0422 5932 COMSysApp - ok
22:21:02.0515 5932 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
22:21:02.0515 5932 ConfigFree Service - ok
22:21:02.0546 5932 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:21:02.0562 5932 crcdisk - ok
22:21:02.0609 5932 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:21:02.0609 5932 Crusoe - ok
22:21:02.0687 5932 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
22:21:02.0687 5932 CryptSvc - ok
22:21:02.0843 5932 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:21:02.0858 5932 DcomLaunch - ok
22:21:02.0936 5932 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:21:02.0936 5932 DfsC - ok
22:21:03.0389 5932 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
22:21:03.0451 5932 DFSR - ok
22:21:03.0794 5932 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
22:21:03.0794 5932 Dhcp - ok
22:21:03.0888 5932 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:21:03.0888 5932 disk - ok
22:21:03.0950 5932 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
22:21:03.0950 5932 Dnscache - ok
22:21:04.0028 5932 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
22:21:04.0028 5932 dot3svc - ok
22:21:04.0075 5932 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
22:21:04.0075 5932 DPS - ok
22:21:04.0138 5932 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:21:04.0138 5932 drmkaud - ok
22:21:04.0372 5932 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:21:04.0387 5932 DXGKrnl - ok
22:21:04.0418 5932 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:21:04.0434 5932 E1G60 - ok
22:21:04.0465 5932 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
22:21:04.0465 5932 EapHost - ok
22:21:04.0528 5932 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:21:04.0528 5932 Ecache - ok
22:21:04.0652 5932 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
22:21:04.0668 5932 ehRecvr - ok
22:21:04.0808 5932 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
22:21:04.0808 5932 ehSched - ok
22:21:04.0840 5932 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
22:21:04.0840 5932 ehstart - ok
22:21:04.0902 5932 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:21:04.0918 5932 elxstor - ok
22:21:04.0996 5932 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
22:21:05.0011 5932 EMDMgmt - ok
22:21:05.0042 5932 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:21:05.0042 5932 ErrDev - ok
22:21:05.0152 5932 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
22:21:05.0167 5932 EventSystem - ok
22:21:05.0386 5932 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:21:05.0386 5932 exfat - ok
22:21:05.0432 5932 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:21:05.0432 5932 fastfat - ok
22:21:05.0464 5932 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:21:05.0464 5932 fdc - ok
22:21:05.0479 5932 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
22:21:05.0479 5932 fdPHost - ok
22:21:05.0510 5932 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
22:21:05.0510 5932 FDResPub - ok
22:21:05.0557 5932 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:21:05.0557 5932 FileInfo - ok
22:21:05.0604 5932 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:21:05.0604 5932 Filetrace - ok
22:21:05.0620 5932 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:21:05.0620 5932 flpydisk - ok
22:21:05.0682 5932 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:21:05.0682 5932 FltMgr - ok
22:21:05.0994 5932 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
22:21:06.0010 5932 FontCache - ok
22:21:06.0103 5932 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:21:06.0103 5932 FontCache3.0.0.0 - ok
22:21:06.0134 5932 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
22:21:06.0134 5932 Fs_Rec - ok
22:21:06.0244 5932 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
22:21:06.0244 5932 FwLnk - ok
22:21:06.0259 5932 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:21:06.0259 5932 gagp30kx - ok
22:21:06.0368 5932 GameConsoleService (9dcf7dfe5fdbb0a47f8ee01fe13c2876) C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
22:21:06.0384 5932 GameConsoleService - ok
22:21:06.0462 5932 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
22:21:06.0462 5932 GoogleDesktopManager-051210-111108 - ok
22:21:06.0556 5932 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
22:21:06.0556 5932 gpsvc - ok
22:21:06.0602 5932 gusvc (649f407a844dde2b97bc086af97d663b) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:21:06.0618 5932 gusvc - ok
22:21:06.0696 5932 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:21:06.0727 5932 HdAudAddService - ok
22:21:06.0899 5932 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:21:06.0899 5932 HDAudBus - ok
22:21:06.0930 5932 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:21:06.0930 5932 HidBth - ok
22:21:06.0961 5932 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:21:06.0977 5932 HidIr - ok
22:21:07.0008 5932 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
22:21:07.0008 5932 hidserv - ok
22:21:07.0039 5932 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:21:07.0039 5932 HidUsb - ok
22:21:07.0055 5932 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
22:21:07.0070 5932 hkmsvc - ok
22:21:07.0102 5932 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:21:07.0102 5932 HpCISSs - ok
22:21:07.0164 5932 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:21:07.0180 5932 HTTP - ok
22:21:07.0211 5932 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:21:07.0211 5932 i2omp - ok
22:21:07.0258 5932 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:21:07.0258 5932 i8042prt - ok
22:21:07.0382 5932 IAANTMON (cb686f44bf955ea02520710a56874fa4) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
22:21:07.0382 5932 IAANTMON - ok
22:21:07.0460 5932 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
22:21:07.0460 5932 iaStor - ok
22:21:07.0507 5932 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:21:07.0507 5932 iaStorV - ok
22:21:07.0585 5932 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
22:21:07.0585 5932 IDriverT - ok
22:21:07.0897 5932 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:21:07.0913 5932 idsvc - ok
22:21:08.0474 5932 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:21:08.0506 5932 igfx - ok
22:21:08.0833 5932 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:21:08.0833 5932 iirsp - ok
22:21:32.0046 5932 ============================================================
22:21:32.0046 5932 Scan finished
22:21:32.0046 5932 ============================================================
22:21:32.0062 1300 Detected object count: 0
22:21:32.0062 1300 Actual detected object count: 0
22:22:44.0383 4592 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-27 22:22:50
-----------------------------
22:22:50.128 OS Version: Windows 6.0.6002 Service Pack 2
22:22:50.128 Number of processors: 2 586 0xF0D
22:22:50.128 ComputerName: PAULETTERIDL-PC UserName: Paulette R
22:23:07.693 Initialize success
22:24:35.511 AVAST engine defs: 12052702
22:25:01.360 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:25:01.376 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
22:25:01.391 Disk 0 MBR read successfully
22:25:01.391 Disk 0 MBR scan
22:25:01.407 Disk 0 Windows VISTA default MBR code
22:25:01.423 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:25:01.454 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 229555 MB offset 3074048
22:25:01.469 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7419 MB offset 473202688
22:25:01.485 Disk 0 scanning sectors +488396800
22:25:01.547 Disk 0 scanning C:\Windows\system32\drivers
22:25:12.920 Service scanning
22:25:42.029 Modules scanning
22:25:49.767 Disk 0 trace - called modules:
22:25:49.783 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:25:49.798 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8611c0b8]
22:25:49.814 3 CLASSPNP.SYS[89f108b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85050028]
22:25:50.984 AVAST engine scan C:\Windows
22:25:55.243 AVAST engine scan C:\Windows\system32
22:29:31.209 AVAST engine scan C:\Windows\system32\drivers
22:29:47.199 AVAST engine scan C:\Users\Paulette R
22:32:19.049 AVAST engine scan C:\ProgramData
22:35:02.038 Scan finished successfully
22:35:28.340 Disk 0 MBR has been saved successfully to "C:\Users\Paulette R\Desktop\MBR.dat"
22:35:28.355 The log file has been saved successfully to "C:\Users\Paulette R\Desktop\aswMBR.txt"

#6 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 May 2012 - 09:47 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
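The OTL.txt requested above lists, per registry hive, Internet Explorer's start page, its SearchScopes (the search providers and which one is the default) and any URLSearchHook entries. As an added example that is not OTL's code nor part of this thread, the Python below parses lines in that shape and reports search providers, start pages and hooks an analyst should review; the sample lines, GUIDs and SID are constructed for the example, and the allow-list of expected search hosts is an assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape OTL writes to the "Internet Explorer" section
# of OTL.txt. GUIDs, SID and query strings are made up for this example.
SAMPLE_OTL = r'''
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {11111111-1111-1111-1111-111111111111}
IE - HKLM\..\SearchScopes\{11111111-1111-1111-1111-111111111111}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{b0441a0e-0000-0000-0000-000000000002}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor={searchTerms}
IE - HKU\S-1-5-18\..\URLSearchHook: {33333333-3333-3333-3333-333333333333} - No CLSID value found
IE - HKU\S-1-5-21-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857
IE - HKU\S-1-5-21-1000\..\URLSearchHook: {44444444-4444-4444-4444-444444444444} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-1000\..\SearchScopes,DefaultScope = {55555555-5555-5555-5555-555555555555}
IE - HKU\S-1-5-21-1000\..\SearchScopes\{55555555-5555-5555-5555-555555555555}: "URL" = http://isearch.avg.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1000\..\SearchScopes\{11111111-1111-1111-1111-111111111111}: "URL" = http://www.google.com/search?q={searchTerms}
'''

# Assumption: search hosts the analyst considers expected on this machine.
# Anything else is reported for a human to judge, never auto-removed.
ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# The hive group is HKLM or HKU\<SID>; non-greedy so it stops at the key that follows.
START_RE = re.compile(
    r"^IE - (?P<hive>HK\S+?)\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = (?P<url>.+)$", re.I)
DEFAULT_RE = re.compile(
    r"^IE - (?P<hive>HK\S+?)\\\.\.\\SearchScopes,DefaultScope = (?P<guid>\{[0-9A-Fa-f-]+\})")
SCOPE_RE = re.compile(
    r'^IE - (?P<hive>HK\S+?)\\\.\.\\SearchScopes\\(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>.+)$')
HOOK_RE = re.compile(
    r"^IE - (?P<hive>HK\S+?)\\\.\.\\URLSearchHook: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")


def _hive(hives, name):
    """Return (creating if needed) the record for one registry hive."""
    return hives.setdefault(name, {"start_page": None, "default_scope": None,
                                   "scopes": {}, "hooks": []})


def parse_ie_section(text):
    """Group OTL 'IE -' lines by hive: start page, default scope, scope URLs, hooks."""
    hives = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = START_RE.match(line)
        if m:
            _hive(hives, m["hive"])["start_page"] = m["url"]
            continue
        m = DEFAULT_RE.match(line)
        if m:
            _hive(hives, m["hive"])["default_scope"] = m["guid"].upper()
            continue
        m = SCOPE_RE.match(line)
        if m:
            # OTL prints GUIDs in mixed case; normalise so DefaultScope lookups match.
            _hive(hives, m["hive"])["scopes"][m["guid"].upper()] = m["url"]
            continue
        m = HOOK_RE.match(line)
        if m:
            _hive(hives, m["hive"])["hooks"].append((m["guid"].upper(), m["target"]))
    return hives


def host_of(url):
    """Hostname of a URL, lower-cased; empty string if it cannot be parsed."""
    return (urlsplit(url.strip()).hostname or "").lower()


def assess(hives, allowed_hosts=ALLOWED_SEARCH_HOSTS):
    """Return (hive, finding, detail) tuples for settings an analyst should review."""
    findings = []
    for hive, data in sorted(hives.items()):
        if data["start_page"] and host_of(data["start_page"]) not in allowed_hosts:
            findings.append((hive, "start-page", host_of(data["start_page"])))
        default = data["default_scope"]
        for guid, url in data["scopes"].items():
            host = host_of(url)
            if host not in allowed_hosts:
                # The default scope is what the address bar actually uses; flag it separately.
                kind = "default-search-provider" if guid == default else "extra-search-provider"
                findings.append((hive, kind, host))
        if default and default not in data["scopes"]:
            findings.append((hive, "default-scope-undefined", default))
        for guid, target in data["hooks"]:
            # A hook whose CLSID no longer resolves is a leftover of an uninstalled toolbar.
            if target.startswith("No CLSID value found"):
                findings.append((hive, "orphaned-urlsearchhook", guid))
            else:
                findings.append((hive, "urlsearchhook-dll", target))
    return findings


if __name__ == "__main__":
    for hive, kind, detail in assess(parse_ie_section(SAMPLE_OTL)):
        print(f"{hive:<22} {kind:<26} {detail}")
```

Run against a real OTL.txt by passing its contents to parse_ie_section; every reported line is a candidate for review, and the allow-list should be adjusted to whatever providers the machine's owner actually chose.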

#7 protrader71 (Topic Starter)
  • Members
  • 28 posts

Posted 27 May 2012 - 10:54 PM

Here is the OTL txt file per your request. Thanks again for all the help.

OTL logfile created on: 5/27/2012 11:13:39 PM - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Paulette R\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 60.39% Memory free
5.94 Gb Paging File | 4.78 Gb Available in Paging File | 80.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.17 Gb Total Space | 160.86 Gb Free Space | 71.76% Space Free | Partition Type: NTFS

Computer Name: PAULETTERIDL-PC | User Name: Paulette R | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Paulette R\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\Toshiba\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (ConfigFree Service) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IO_Memory) -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys File not found
DRV - (catchme) -- C:\Users\PAULET~1\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (purendis) -- C:\Windows\System32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {2ABED447-9F2A-41FA-AAB1-84834CBAB26B}
IE - HKLM\..\SearchScopes\{2ABED447-9F2A-41FA-AAB1-84834CBAB26B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm002^S00828^us&si=CIvSvpTKv68CFQ1U7Aod_wLEwA&ptb=10A112F8-ACC2-4D1B-A8B5-1D001AC778C9&ind=2012041819&n=77ed525b&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^UX^xdm002^S00828^us&ptb=10A112F8-ACC2-4D1B-A8B5-1D001AC778C9&si=CIvSvpTKv68CFQ1U7Aod_wLEwA
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{2ABED447-9F2A-41FA-AAB1-84834CBAB26B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_enUS332
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{60885DDE-CB4E-4FE0-8FAB-8A40F4F4FEAF}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120105,6901,0,8,0
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=MFCrJMls6cQTSRbGyJ9L-HZDeIA?q={searchTerms}
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B366B4B6-F3B3-45DC-8E33-ECD18CEFBD3D}&mid=4a00eeb79d216f2bfc37883ba51cd07b-65f0cc09e22a6d7bf9a83e44ea2cb1337f2950a1&lang=us&ds=AVG&pr=fr&d=2011-12-16 20:39:10&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm002^S00828^us&si=CIvSvpTKv68CFQ1U7Aod_wLEwA&ptb=10A112F8-ACC2-4D1B-A8B5-1D001AC778C9&ind=2012041819&n=77ed525b&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80291&lng=en
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "My Web Search"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: avg@toolbar:10.2.0.3
FF - prefs.js..extensions.enabledItems: 39ffxtbr@MapsGalaxy_39.com:1.44.0.32479
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B86ad44a2-7bb5-41bc-a54e-7d8a475b28d1%7D&mid=4a00eeb79d216f2bfc37883ba51cd07b-65f0cc09e22a6d7bf9a83e44ea2cb1337f2950a1&ds=AVG&v=10.2.0.3&lang=us&pr=fr&d=2011-12-16%2020%3A39%3A10&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/10/11 20:54:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/05/17 15:41:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/16 21:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\Paulette R\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012/01/31 20:32:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files\MapsGalaxy_39\bar\1.bin [2012/05/26 18:40:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/18 19:56:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/18 19:56:06 | 000,000,000 | ---D | M]

[2009/06/19 18:55:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paulette R\AppData\Roaming\Mozilla\Extensions
[2012/05/26 20:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paulette R\AppData\Roaming\Mozilla\Firefox\Profiles\3gm09w2e.default\extensions
[2012/04/18 19:50:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paulette R\AppData\Roaming\Mozilla\Firefox\Profiles\3gm09w2e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/05 22:02:16 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Paulette R\AppData\Roaming\Mozilla\Firefox\Profiles\3gm09w2e.default\extensions\inboxcomtoolbar@inbox.com
[2012/04/18 19:50:26 | 000,009,635 | ---- | M] () -- C:\Users\Paulette R\AppData\Roaming\Mozilla\Firefox\Profiles\3gm09w2e.default\searchplugins\my-web-search.xml
[2010/05/23 20:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/23 20:44:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/10/11 20:54:59 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2012/05/26 18:40:13 | 000,000,000 | ---D | M] (MapsGalaxy) -- C:\PROGRAM FILES\MAPSGALAXY_39\BAR\1.BIN
[2012/03/16 21:09:45 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.2.0.3
[2012/03/16 21:09:19 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2012/05/27 17:20:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O15 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.186 207.69.188.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5299EDC5-C09C-495E-ABB6-F6BDA5F81CBD}: DhcpNameServer = 207.69.188.186 207.69.188.187
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/27 23:11:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Paulette R\Desktop\OTL.exe
[2012/05/27 22:18:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Paulette R\Desktop\aswMBR.exe
[2012/05/27 22:18:36 | 002,126,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Paulette R\Desktop\tdsskiller.exe
[2012/05/27 17:21:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/27 17:21:53 | 000,000,000 | ---D | C] -- C:\Users\Paulette R\AppData\Local\temp
[2012/05/27 17:12:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/27 17:12:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/27 17:12:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/27 17:12:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/27 17:12:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/27 17:12:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/27 17:08:55 | 004,528,653 | R--- | C] (Swearware) -- C:\Users\Paulette R\Desktop\ComboFix.exe
[2012/05/26 20:41:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Paulette R\Desktop\dds.scr
[2012/05/26 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\Paulette R\Desktop\MBAM Logs
[2012/05/10 17:35:16 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/10 17:35:16 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/10 17:35:15 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/10 17:35:14 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/10 17:35:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/10 17:35:03 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/10 17:35:03 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/10 17:35:02 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/07 18:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/05/07 18:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/27 23:11:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Paulette R\Desktop\OTL.exe
[2012/05/27 23:09:38 | 000,616,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/27 23:09:38 | 000,108,394 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/27 23:05:21 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/05/27 23:05:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 23:05:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 23:04:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/27 23:04:54 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/27 22:35:28 | 000,000,512 | ---- | M] () -- C:\Users\Paulette R\Desktop\MBR.dat
[2012/05/27 22:19:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Paulette R\Desktop\aswMBR.exe
[2012/05/27 22:18:38 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Paulette R\Desktop\tdsskiller.exe
[2012/05/27 22:18:30 | 099,290,447 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/05/27 17:20:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/27 17:08:57 | 004,528,653 | R--- | M] (Swearware) -- C:\Users\Paulette R\Desktop\ComboFix.exe
[2012/05/27 17:04:21 | 000,852,401 | ---- | M] () -- C:\Users\Paulette R\Desktop\SecurityCheck.exe
[2012/05/26 20:46:47 | 000,302,592 | ---- | M] () -- C:\Users\Paulette R\Desktop\gbhqjb2q.exe
[2012/05/26 20:41:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Paulette R\Desktop\dds.scr
[2012/05/11 03:34:12 | 000,403,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/27 22:35:28 | 000,000,512 | ---- | C] () -- C:\Users\Paulette R\Desktop\MBR.dat
[2012/05/27 17:12:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/27 17:12:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/27 17:12:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/27 17:12:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/27 17:12:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/27 17:04:15 | 000,852,401 | ---- | C] () -- C:\Users\Paulette R\Desktop\SecurityCheck.exe
[2012/05/26 20:46:47 | 000,302,592 | ---- | C] () -- C:\Users\Paulette R\Desktop\gbhqjb2q.exe
[2011/03/17 20:54:34 | 000,024,206 | ---- | C] () -- C:\Users\Paulette R\AppData\Roaming\UserTile.png
[2011/02/03 20:15:54 | 000,026,624 | ---- | C] () -- C:\Users\Paulette R\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 27 May 2012 - 11:04 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.
    :OTL
     - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = <http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm002^S00828^us&si=CIvSvpTKv68CFQ1U7Aod_wLEwA&ptb=10A112F8-ACC2-4D1B-A8B5-1D001AC778C9&ind=2012041819&n=77ed525b&psa=&st=sb&searchfor={searchTerms}>
    IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = <http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^UX^xdm002^S00828^us&ptb=10A112F8-ACC2-4D1B-A8B5-1D001AC778C9&si=CIvSvpTKv68CFQ1U7Aod_wLEwA>
    IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = <http://127.0.0.1:4664/search&s=MFCrJMls6cQTSRbGyJ9L-HZDeIA?q={searchTerms}>
    IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = <http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm002^S00828^us&si=CIvSvpTKv68CFQ1U7Aod_wLEwA&ptb=10A112F8-ACC2-4D1B-A8B5-1D001AC778C9&ind=2012041819&n=77ed525b&psa=&st=sb&searchfor={searchTerms}>
    FF - prefs.js..browser.search.defaultenginename: "My Web Search"
    FF - prefs.js..browser.search.selectedEngine: "My Web Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    [2012/04/18 19:50:26 | 000,009,635 | ---- | M] () -- C:\Users\Paulette R\AppData\Roaming\Mozilla\Firefox\Profiles\3gm09w2e.default\searchplugins\my-web-search.xml
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
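The OTL fix above removes a set of Internet Explorer search scopes, an IE start page and three Firefox search preferences that all point at the same search provider. When triaging logs like this it helps to pull every configured provider out of the OTL output and classify it by host rather than reading the URLs by eye. The following script is an added example for this thread, not code from the post or from OldTimer's OTL: it parses the `IE - ... SearchScopes`, `IE - ... Start Page` and `FF - prefs.js` lines of an OTL log and labels each provider. The indicator lists (`PUP_SEARCH_DOMAINS`, `PUP_ENGINE_NAMES`) and the sample lines are constructed for illustration; the sample mirrors the entries targeted by the fix script.

```python
"""Triage OTL browser-setting lines for a search-provider hijack.

Added example for this thread; it is not code from the post above or from
OldTimer's OTL. It parses the 'IE - ... SearchScopes', 'IE - ... Start Page'
and 'FF - prefs.js' lines that appear in an OTL log and classifies each
configured provider by its host. The indicator lists and the sample lines
are constructed for illustration (the sample mirrors the fix script above).
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: indicator lists for this example; extend them from your own casework.
PUP_SEARCH_DOMAINS = ("mywebsearch.com",)
PUP_ENGINE_NAMES = {"my web search"}

# 'IE - HKU\...\Main,Start Page = <http://...>' or '... SearchScopes\{guid}: "URL" = <http://...>'
IE_RE = re.compile(r'(HK[A-Z]+\\.+?)(?:,Start Page|: "URL")\s*=\s*<?(\S+?)>?\s*$')
# 'FF - prefs.js..browser.search.defaultenginename: "My Web Search"'
FF_RE = re.compile(r'FF - prefs\.js\.\.(browser\.search\.\w+):\s*"?(.*?)"?\s*$')


def classify_host(host):
    """Label a provider host: known PUP domain, loopback listener, or unremarkable."""
    if host is None:
        return "unparseable"
    host = host.lower()
    # Suffix match so 'home.mywebsearch.com' hits but 'mywebsearch.com.evil.example' does not.
    if any(host == d or host.endswith("." + d) for d in PUP_SEARCH_DOMAINS):
        return "pup_search_domain"
    try:
        if ipaddress.ip_address(host).is_loopback:
            # A provider on 127.0.0.1 (port 4664 is Google Desktop's search port)
            # is not malicious by itself; confirm which process owns the listener.
            return "loopback_provider_review"
    except ValueError:
        pass  # not an IP literal
    return "ok"


def triage(lines):
    """Return one finding per recognised OTL browser line, in input order."""
    findings = []
    for line in lines:
        m = IE_RE.search(line)
        if m:
            key, url = m.groups()
            parts = urlsplit(url)
            findings.append({"browser": "ie", "key": key, "host": parts.hostname,
                             "port": parts.port, "verdict": classify_host(parts.hostname)})
            continue
        m = FF_RE.search(line)
        if m:
            pref, value = m.groups()
            verdict = "pup_engine_name" if value.lower() in PUP_ENGINE_NAMES else "ok"
            findings.append({"browser": "firefox", "key": pref, "host": value,
                             "port": None, "verdict": verdict})
    return findings


def flagged(findings):
    """The findings a responder should act on."""
    return [f for f in findings if f["verdict"] != "ok"]


# Constructed sample: the lines targeted by the OTL fix script in the post above.
SAMPLE_LINES = [
    r'IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = <http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm002^S00828^us&searchfor={searchTerms}>',
    r'IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = <http://home.mywebsearch.com/index.jhtml?n=77DE8857>',
    r'IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = <http://127.0.0.1:4664/search&s=MFCrJMls6cQTSRbGyJ9L-HZDeIA?q={searchTerms}>',
    r'IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = <http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor={searchTerms}>',
    'FF - prefs.js..browser.search.defaultenginename: "My Web Search"',
    'FF - prefs.js..browser.search.selectedEngine: "My Web Search"',
    'FF - prefs.js..browser.search.useDBForOrder: true',
]

if __name__ == "__main__":
    for f in flagged(triage(SAMPLE_LINES)):
        print(f"{f['verdict']:28} {f['browser']:8} {f['host']}  {f['key']}")
```

Run it over the browser section of any OTL log (one line per list element) and act on the `flagged()` subset. The loopback provider is deliberately reported as "review" rather than "bad": on this machine Google Desktop is installed and 4664 is its search port, but the same pattern is how a local proxy would hijack searches, so the owning process should be checked before the entry is kept or removed.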

#9 protrader71 (Topic Starter, Members, 28 posts)

Posted 28 May 2012 - 12:19 AM

Hello Gringo,

So I followed your last instructions with the OTL fix. It did not ask me to reboot; however, after it was done I decided to reboot anyway. I tried to open up the IE browser, and it tried to go to iGoogle. But before it could, I got an error message: "Internet Explorer is not working, Windows is looking for a solution". When I tried to close that error box, the browser tried to reopen the tab each time. Just one tab, whereas before it was several tabs all at once. Also, when I copy/paste things I use the right click of the mouse, and when the menu pops up I happened to notice it has a "Search My Web Search" entry within that right-click menu. I hope that information is useful. Thanks for the help... let me know if I need to give you more information.

========== OTL ==========
HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1990609593-3534744734-3468119329-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1990609593-3534744734-3468119329-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ not found.
Prefs.js: "My Web Search" removed from browser.search.defaultenginename
Prefs.js: "My Web Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
C:\Users\Paulette R\AppData\Roaming\Mozilla\Firefox\Profiles\3gm09w2e.default\searchplugins\my-web-search.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Paulette R\Desktop\cmd.bat deleted successfully.
C:\Users\Paulette R\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Paulette R
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Paulette R
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.43.2 log created on 05282012_010132

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 28 May 2012 - 12:28 AM

Greetings,

First, I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737


Then I want you to do the following:

  • Start Internet Explorer.
  • Click on Safety.
  • Click on Delete Browsing History.
  • Make sure all boxes are checked.
  • Click on Tools.
  • Click Internet Options.
  • On the Advanced tab, click Reset.
  • Put a check mark next to Delete Personal Settings.
  • Click Reset to confirm.
  • When complete, click the Close button.
  • Restart IE.


Gringo

#11 protrader71 (Topic Starter, Members, 28 posts)

Posted 28 May 2012 - 04:42 PM

Hello Gringo,

I followed your instructions regarding IE. It appears to be working correctly now. However, I'm still having a couple of glitches with Firefox. I tried to type this post up in Firefox and the mouse keeps scrolling to the bottom or sometimes to the top, not allowing me to type this up in Firefox. I had a couple of these mouse hops while typing this in IE too, but it still allowed me to type up the post... so maybe it is completely the wireless mouse and not virus related. Although I put in a new battery, so I'm not sure what's going on. I also noticed that in Firefox when I right click, the drop-down menu still has "Search My Web Search"... whereas when I right click inside IE or anything else that choice is not there. I noticed in my initial MBAM scan before I started this post, the infection "pup.mywebsearch" was attached to the Mapsgalaxy toolbar, which is still in Firefox. I am not familiar with this toolbar; I don't know if it is safe or not. Is there any way to take Firefox and "fix it" like we just did with IE?

Hope you are enjoying your Memorial Day holiday. Thanks for the continued help with this matter.

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 28 May 2012 - 05:01 PM

Greetings

"Is there any way to take Firefox and "fix it" like we just did with IE?"

I want you to uninstall Firefox, and if asked about user data or settings, remove that also
(you may back up the BOOKMARKS).

Restart the computer and reinstall Firefox, check things out, and report back to me.



Gringo

#13 protrader71 (Topic Starter, Members, 28 posts)

Posted 28 May 2012 - 05:35 PM

Hello again,

OK, I uninstalled Firefox, rebooted and reinstalled Firefox. It appears to be running smoothly now... still getting "mouse hops"... but that could be totally hardware related. It is no longer scrolling to the bottom or top and preventing me from posting. What's next?

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 28 May 2012 - 08:25 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 protrader71 (Topic Starter, Members, 28 posts)

Posted 28 May 2012 - 09:12 PM

Hello Gringo,

I ran the CFScript; I did not have to reboot. I turned off the wireless mouse and the mouse scroll and hops seem to have stopped. So that must be a hardware issue. I opened up both IE and Firefox and both appear to be running smoothly.

Here is the log from the CFScript run:

ComboFix 12-05-27.02 - Paulette R 05/28/2012 21:54:48.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1729 [GMT -4:00]
Running from: c:\users\Paulette R\Desktop\ComboFix.exe
Command switches used :: c:\users\Paulette R\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))
.
.
2012-05-29 02:00 . 2012-05-29 02:00 -------- d-----w- c:\users\Paulette R\AppData\Local\temp
2012-05-29 02:00 . 2012-05-29 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-28 04:58 . 2012-05-28 04:58 -------- d-----w- C:\_OTL
2012-05-07 22:35 . 2012-05-07 22:35 -------- d-----w- c:\programdata\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2012-04-17 21:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 07:02 . 2012-03-29 07:02 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-29 07:02 . 2012-03-29 07:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-29 07:02 . 2012-03-29 07:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-29 07:02 . 2012-03-29 07:02 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-29 07:02 . 2012-03-29 07:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-29 07:02 . 2012-03-29 07:02 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-29 07:02 . 2012-03-29 07:02 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-29 07:02 . 2012-03-29 07:02 367104 ----a-w- c:\windows\system32\html.iec
2012-03-29 07:02 . 2012-03-29 07:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-29 07:02 . 2012-03-29 07:02 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-29 07:02 . 2012-03-29 07:02 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-29 07:02 . 2012-03-29 07:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-29 07:02 . 2012-03-29 07:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-29 07:02 . 2012-03-29 07:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-29 07:02 . 2012-03-29 07:02 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-29 07:02 . 2012-03-29 07:02 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-29 07:02 . 2012-03-29 07:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-29 15:11 . 2012-04-12 07:10 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 07:10 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 07:10 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 07:10 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-21 01:19 . 2012-05-28 22:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-02-05 20:41 . 2011-02-05 20:41 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-17 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-31 2077536]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-17 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-11 928096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 18:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-02-05 20:41 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-10-11 17:49 1179648 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 23:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-11 16:11 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-02-01 19:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
TCP: DhcpNameServer = 207.69.188.186 207.69.188.187
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Paulette R\AppData\Roaming\Mozilla\Firefox\Profiles\huk2aj2t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-28 22:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????? ?m??h?????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2192)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
Completion time: 2012-05-28 22:01:25
ComboFix-quarantined-files.txt 2012-05-29 02:01
ComboFix2.txt 2012-05-27 21:21
.
Pre-Run: 172,522,123,264 bytes free
Post-Run: 172,563,296,256 bytes free
.
- - End Of File - - 09EB131C17EA2132F7640B41F2B9DCEF
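The "Reg Loading Points" section of the ComboFix log above is where persistence shows up: the HKCU and HKLM Run keys, the AppInit_DLLs value (here Google Desktop's network DLL) and an entry ComboFix could not resolve to a file (`"NDSTray.exe"="NDSTray.exe" [BU]`). Reading those by eye works for one log; for many it helps to parse the section and surface only the entries that need a second look. The script below is an added example for this thread, not part of the post and not ComboFix code: it parses the Run-key entries and the AppInit_DLLs value in that section and flags unresolved paths, autoruns launching from user-writable directories, and any AppInit_DLLs setting. The rules are assumptions chosen for illustration, and the sample text is constructed from the log above plus one invented entry (`ExampleUpdater`, marked in the code) that exercises the user-writable-path rule.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not part of the post above and not
ComboFix code. It walks the Run-key entries and the AppInit_DLLs value that
ComboFix prints and flags what a responder should look at first. The sample
text is built from the log above plus one invented entry ('ExampleUpdater')
that exercises the user-writable-path rule; the rules are assumptions for
illustration, not a vendor's detection logic.
"""
import re

SECTION_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$', re.I)
# '"Name"="path" [date size]'  or  '"Name"="exe" [BU]' (ComboFix could not resolve the file)
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*(?:\[([^\]]*)\])?$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$', re.I)

# Assumption: path fragments a standard user can write to. An autorun launching from
# here deserves a second look even when the file name looks like a vendor's.
USER_WRITABLE_HINTS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def verdict_for(path, meta):
    """Classify one Run-key entry from its path and ComboFix's bracketed annotation."""
    if meta is not None and meta.strip().upper() == "BU":
        return "unresolved_path"
    if any(h in path.lower() for h in USER_WRITABLE_HINTS):
        return "user_writable_path"
    return "ok"


def parse_loading_points(text):
    """Return findings for Run-key entries and any AppInit_DLLs value."""
    section = None
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = APPINIT_RE.match(line)
        if m:
            dlls = m.group(1).strip()
            if dlls:
                # Loaded into every process that loads user32.dll; always worth verifying.
                findings.append({"section": section, "name": "AppInit_DLLs",
                                 "path": dlls, "verdict": "appinit_dll"})
            continue
        m = ENTRY_RE.match(line)
        if m and section and section.lower().endswith("\\run"):
            name, path, meta = m.groups()
            findings.append({"section": section, "name": name, "path": path,
                             "verdict": verdict_for(path, meta)})
    return findings


def flagged(findings):
    """The findings a responder should act on."""
    return [f for f in findings if f["verdict"] != "ok"]


# Constructed sample: entries taken from the ComboFix log above, plus the
# invented 'ExampleUpdater' line (not from the log) under a user-writable path.
SAMPLE_LOADING_POINTS = r'''
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ExampleUpdater"="c:\users\example\appdata\roaming\example\example.exe" [2012-05-20 51200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"NDSTray.exe"="NDSTray.exe" [BU]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-17 982880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
'''

if __name__ == "__main__":
    for f in flagged(parse_loading_points(SAMPLE_LOADING_POINTS)):
        print(f"{f['verdict']:20} {f['name']:16} {f['path']}")
```

On the real log this reports two items: the unresolved `NDSTray.exe` entry, which a responder should confirm against the file actually on disk, and the AppInit_DLLs value, which is benign here (Google Desktop) but is reported every time because the same value is a classic persistence point for malware. The Startup-folder `.lnk` line and the msconfig `startupreg` blocks in the log use different layouts and are not parsed by this example.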



