
Win32 DNSChanger-VJ/Win64 Sirefef-A


  • This topic is locked
56 replies to this topic

#1 cedarrabbit

  • Members
  • 71 posts

Posted 30 May 2012 - 12:12 AM

It appears that I have a trojan or trojans on my computer. Avast keeps telling me that either Win32 DNSChanger-VJ has been blocked or Win64 Sirefef-A has been blocked. I noticed that there are a couple of previous posts on similar trojans. Should I just read and follow one of those or does removal need to be tailored to my computer?
I have Toshiba Satellite A135 Windows Vista Home Basic, 32 Bit, Service Pack 2.
Thanks


#2 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 30 May 2012 - 01:10 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

The next thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

information and logs:

  • In your next post I need the following
    • logs from OTL
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 cedarrabbit

  • Topic Starter

  • Members
  • 71 posts

Posted 30 May 2012 - 02:09 PM

Checkup.txt

Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 31
Java™ SE Runtime Environment 6
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
CyberDefender PC Optimizer CDPCODefragSrv.exe
CyberDefender SchedulerService SchedulerService.exe
CyberDefender PC Optimizer CDPCO.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````
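As an added example (not part of this thread and not screen317's own code), the following Python script parses a checkup.txt in the layout posted above, splits it into its backtick-delimited sections and tags each warning with a severity, so the items a helper reads first (on-access scanning off, out-of-date Java and Flash) surface at the top. The sample log is a constructed excerpt of the one above, and the section-header pattern and severity rules are my own assumptions about the format, not the tool's.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of screen317's Security Check checkup.txt
# (abridged from the log posted above; "(TM)" stands in for the trademark glyph).
SAMPLE_CHECKUP = "\n".join([
    "Results of screen317's Security Check version 0.99.41",
    "Windows Vista Service Pack 2 x86 (UAC is enabled)",
    "Internet Explorer 9",
    "``````````````Antivirus/Firewall Check:``````````````",
    "Windows Firewall Enabled!",
    "avast! Antivirus",
    "Antivirus up to date! (On Access scanning disabled!)",
    "`````````Anti-malware/Other Utilities Check:`````````",
    "CCleaner",
    "Java(TM) 6 Update 31",
    "Java version out of date!",
    "Adobe Flash Player 10 Flash Player out of date!",
    "Adobe Flash Player 11.2.202.235",
    "Adobe Reader X (10.1.3)",
    "````````Process Check: objlist.exe by Laurent````````",
    "AVAST Software Avast AvastSvc.exe",
    "`````````````````System Health check`````````````````",
    "Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!",
    "````````````````````End of Log``````````````````````",
])

# Assumed header shape: a title wrapped in runs of backticks, optional trailing colon.
SECTION_RE = re.compile(r"^`+\s*(.+?):?\s*`+$")
UAC_RE = re.compile(r"\(UAC is (\w+)\)")

# Severity rules (my own, not the tool's). First matching rule wins for a line.
RULES = [
    (re.compile(r"on access scanning disabled", re.I), "high",
     "real-time (on-access) antivirus scanning is off; malware runs unchallenged"),
    (re.compile(r"\bdisabled\b", re.I), "high",
     "a protection component is reported disabled"),
    (re.compile(r"out of date", re.I), "medium",
     "outdated software is reachable by exploit kits; update before calling the machine clean"),
    (re.compile(r"defragment", re.I), "info",
     "housekeeping advice, not a security finding"),
]


@dataclass(frozen=True)
class Finding:
    severity: str
    section: str
    line: str
    note: str


def parse_sections(text: str) -> dict:
    """Split checkup.txt into {section title: [lines]}.

    Lines before the first backtick header are stored under 'Header'.
    """
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text: str) -> dict:
    """Return OS/UAC facts plus severity-tagged findings for a checkup.txt log."""
    sections = parse_sections(text)
    findings = []
    os_line, uac = "", "unknown"
    for line in sections["Header"]:
        m = UAC_RE.search(line)
        if m:
            os_line, uac = line, m.group(1).lower()
            break
    if uac != "enabled":
        findings.append(Finding("medium", "Header", os_line,
                                "UAC not enabled: code the user runs gets admin rights silently"))
    for title, lines in sections.items():
        if title in ("Header", "End of Log"):
            continue
        for line in lines:
            for pattern, severity, note in RULES:
                if pattern.search(line):
                    findings.append(Finding(severity, title, line, note))
                    break
    return {"os": os_line, "uac": uac, "findings": findings}


def count_by_severity(findings) -> dict:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    report = triage(SAMPLE_CHECKUP)
    print(f"OS: {report['os']} | UAC: {report['uac']}")
    order = ("high", "medium", "info")
    for f in sorted(report["findings"], key=lambda f: order.index(f.severity)):
        print(f"[{f.severity.upper():6}] {f.section}: {f.line}\n         -> {f.note}")
```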

#4 cedarrabbit

  • Topic Starter

  • Members
  • 71 posts

Posted 30 May 2012 - 02:39 PM

OTL.txt

OTL logfile created on: 5/30/2012 2:12:33 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Nathan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 37.33% Memory free
4.21 Gb Paging File | 2.77 Gb Available in Paging File | 65.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 112.45 Gb Free Space | 48.59% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 1488.81 Gb Free Space | 79.91% Space Free | Partition Type: NTFS

Computer Name: NATHAN-PC | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nathan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Nathan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\CyberDefender\SchedulerService\SchedulerService.exe (CyberDefender Corp.)
PRC - C:\Program Files\CyberDefender\PC Optimizer\CDPCODefragSrv.exe (CyberDefender, (www.cyberdefender.com))
PRC - C:\Program Files\CyberDefender\PC Optimizer\CDPCO.exe (CyberDefender, (www.cyberdefender.com))
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe ()
PRC - C:\Program Files\FileZilla Server\FileZilla server.exe (FileZilla Project)
PRC - C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo)
PRC - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
PRC - C:\Program Files\Memeo\AutoBackup\InstantBackup.exe ()
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe (Memeo Inc.)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\System32\lxdccoms.exe ( )
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\TOSHIBA\IVP\ISM\pinger.exe ()
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3c92d4b3ec56936eab8e17ed81940c10\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\bba52e3253fef00a69ebf14114185558\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c466fbf8e50c7c11b2fa994707124290\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b4ade6954a61a7626858c123dc951ba6\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\CyberDefender\PC Optimizer\asohtm.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\InstantBackup.exe ()
MOD - C:\Program Files\Memeo\AutoBackup\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\WD\WD Anywhere Backup\sqlite3.dll ()
MOD - C:\Program Files\Toshiba\TBS\NotifyTBS.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Windows\System32\hccutils.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\Toshiba\ConfigFree\NotifyCFF.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CDScheduler) -- C:\Program Files\CyberDefender\SchedulerService\SchedulerService.exe (CyberDefender Corp.)
SRV - (CDPCODiskOptimizer) -- C:\Program Files\CyberDefender\PC Optimizer\CDPCODefragSrv.exe (CyberDefender, (www.cyberdefender.com))
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Updater Service for StartNow Toolbar) -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe ()
SRV - (FileZilla Server) -- C:\Program Files\FileZilla Server\FileZilla server.exe (FileZilla Project)
SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (cbVSCService) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (lxdc_device) -- C:\Windows\System32\lxdccoms.exe ( )
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (pinger) -- C:\TOSHIBA\IVP\ISM\pinger.exe ()
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Nathan\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (Avgrkx86) -- system32\DRIVERS\avgrkx86.sys File not found
DRV - (.avgmfx86) -- File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (sermouse) -- C:\Windows\System32\drivers\sermouse.sys (Microsoft Corporation)
DRV - (SWMX00) Sierra Wireless USB MUX Driver (#00) -- C:\Windows\System32\drivers\swmx00.sys (Sierra Wireless Inc.)
DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\Windows\System32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (ql2300) -- C:\Windows\System32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\System32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\System32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\System32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\System32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\System32\drivers\iaStorV.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\System32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\System32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\System32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\System32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\System32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\System32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (isapnp) -- C:\Windows\System32\drivers\isapnp.sys (Microsoft Corporation)
DRV - (nfrd960) -- C:\Windows\System32\drivers\nfrd960.sys (IBM Corporation)
DRV - (msdsm) -- C:\Windows\System32\drivers\msdsm.sys (Microsoft Corporation)
DRV - (iirsp) -- C:\Windows\System32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (mpio) -- C:\Windows\System32\drivers\mpio.sys (Microsoft Corporation)
DRV - (sbp2port) -- C:\Windows\System32\drivers\sbp2port.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\System32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\System32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\System32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\System32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\System32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\System32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\System32\drivers\HpCISSs.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\System32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\System32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\System32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\System32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\System32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\System32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\System32\drivers\Mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\System32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\System32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (i2omp) -- C:\Windows\System32\drivers\i2omp.sys (Microsoft Corporation)
DRV - (msahci) -- C:\Windows\System32\drivers\msahci.sys (Microsoft Corporation)
DRV - (Wd) -- C:\Windows\System32\drivers\wd.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\System32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\System32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Microsoft Corporation)
DRV - (aliide) -- C:\Windows\System32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (pciide) -- C:\Windows\System32\drivers\pciide.sys (Microsoft Corporation)
DRV - (rdpdr) -- C:\Windows\System32\drivers\rdpdr.sys (Microsoft Corporation)
DRV - (BTHMODEM) -- C:\Windows\System32\drivers\bthmodem.sys (Microsoft Corporation)
DRV - (HidBth) -- C:\Windows\System32\drivers\hidbth.sys (Microsoft Corporation)
DRV - (usbcir) eHome Infrared Receiver (USBCIR) -- C:\Windows\System32\drivers\usbcir.sys (Microsoft Corporation)
DRV - (circlass) -- C:\Windows\System32\drivers\circlass.sys (Microsoft Corporation)
DRV - (HidIr) -- C:\Windows\System32\drivers\hidir.sys (Microsoft Corporation)
DRV - (WacomPen) -- C:\Windows\System32\drivers\wacompen.sys (Microsoft Corporation)
DRV - (sfloppy) -- C:\Windows\System32\drivers\sfloppy.sys (Microsoft Corporation)
DRV - (fdc) -- C:\Windows\System32\drivers\fdc.sys (Microsoft Corporation)
DRV - (flpydisk) -- C:\Windows\System32\drivers\flpydisk.sys (Microsoft Corporation)
DRV - (Parport) -- C:\Windows\System32\drivers\parport.sys (Microsoft Corporation)
DRV - (kbdhid) -- C:\Windows\System32\drivers\kbdhid.sys (Microsoft Corporation)
DRV - (IPMIDRV) -- C:\Windows\System32\drivers\IPMIDrv.sys (Microsoft Corporation)
DRV - (WmiAcpi) -- C:\Windows\System32\drivers\wmiacpi.sys (Microsoft Corporation)
DRV - (ViaC7) -- C:\Windows\System32\drivers\viac7.sys (Microsoft Corporation)
DRV - (AmdK8) -- C:\Windows\System32\drivers\amdk8.sys (Microsoft Corporation)
DRV - (Crusoe) -- C:\Windows\System32\drivers\crusoe.sys (Microsoft Corporation)
DRV - (AmdK7) -- C:\Windows\System32\drivers\amdk7.sys (Microsoft Corporation)
DRV - (Processor) -- C:\Windows\System32\drivers\processr.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\System32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\System32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (KR3NPXP) -- C:\Windows\System32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {1A57C7A1-09E3-49E8-911C-022172D9035B}
IE - HKLM\..\SearchScopes\{1A57C7A1-09E3-49E8-911C-022172D9035B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
IE - HKLM\..\SearchScopes\{41396b1b-447e-473b-a34b-bb583136c7fc}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YRxdm038YYus&ptb=97EA11C1-D7C9-4507-97A6-ECD07A835DBF&psa=&ind=2011081308&ptnrS=YRxdm038YYus&si=95590&st=sb&n=77deaa5c&searchfor={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {1A57C7A1-09E3-49E8-911C-022172D9035B}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {1A57C7A1-09E3-49E8-911C-022172D9035B}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb133?a=6R8pDoBQaW&i=26
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100486&babsrc=SP_ss&mntrId=02e9ec6900000000000000a0d5ffff85
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\..\SearchScopes\{1A57C7A1-09E3-49E8-911C-022172D9035B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_enUS409
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\..\SearchScopes\{41396b1b-447e-473b-a34b-bb583136c7fc}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YRxdm038YYus&ptb=97EA11C1-D7C9-4507-97A6-ECD07A835DBF&psa=&ind=2011081308&ptnrS=YRxdm038YYus&si=95590&st=sb&n=77deaa5c&searchfor={searchTerms}
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGAIDF&install_date=20111215&iesrc={referrer:source}
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb133/?search={searchTerms}&loc=IB_DS&a=6R8pDoBQaW&i=26
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "Bing"
FF - prefs.js..browser.search.order.1: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Startpage HTTPS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.email.ws/"
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb133/?loc=IB_DS&a=6R8pDoBQaW&&i=26&search="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.SmileyCentral_1v.com/Plugin: C:\Program Files\SmileyCentral_1vEI\Installr\2.bin\NP1vEISB.dll (SmileyCentral)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/02 00:42:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/12 08:37:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/26 07:40:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/10 20:08:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B1CA2591-A9D1-11E1-8270-B8AC6F996F26}: C:\Users\Nathan\AppData\Local\{B1CA2591-A9D1-11E1-8270-B8AC6F996F26}\ [2012/05/29 16:04:48 | 000,000,000 | ---D | M]

[2010/12/11 11:15:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Extensions
[2012/05/17 09:58:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions
[2011/12/15 11:00:31 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/11/27 12:54:30 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
[2011/12/15 11:00:29 | 000,001,945 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\searchplugins\bing-zugo.xml
[2011/09/22 09:24:44 | 000,000,863 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\searchplugins\conduit.xml
[2012/05/25 13:50:24 | 000,001,590 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\searchplugins\ixquick-https.xml
[2012/04/11 17:30:54 | 000,002,203 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\searchplugins\MyStart Search.xml
[2012/05/25 13:50:28 | 000,005,472 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\searchplugins\startpage-https.xml
[2011/10/04 21:32:09 | 000,001,490 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\searchplugins\web-search-powered-by-google.xml
[2012/03/17 18:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/14 20:28:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/12 08:37:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/05/29 16:04:48 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\NATHAN\APPDATA\LOCAL\{B1CA2591-A9D1-11E1-8270-B8AC6F996F26}
[2012/04/26 07:40:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/14 00:55:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/26 23:54:28 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/10 10:28:12 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe" /md I File not found
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Send] C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [otrys] C:\Users\Nathan\AppData\Local\Temp\otrys.dll (DT Soft Ltd.)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKU\S-1-5-21-56272100-3536634483-2713512507-1000..\Run: [Akamai NetSession Interface] C:\Users\Nathan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-56272100-3536634483-2713512507-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-56272100-3536634483-2713512507-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.78.96.14 66.174.92.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38037BE0-BE71-49C4-BD87-B9D462B4176C}: DhcpNameServer = 69.78.96.14 66.174.92.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{380F315D-FE2F-4504-BCE5-B31FDE61F3E0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/30 14:09:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2012/05/30 10:42:41 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Nathan\Desktop\unhide.exe
[2012/05/29 16:04:47 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\{B1CA2591-A9D1-11E1-8270-B8AC6F996F26}
[2012/05/14 20:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/14 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/05/12 08:21:24 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/12 08:21:24 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/12 08:21:22 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/12 08:21:21 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/12 08:21:21 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/12 08:21:07 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/12 08:21:04 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/12 08:21:01 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/08 13:27:51 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\CyberDefender
[2012/05/08 13:26:56 | 000,017,016 | ---- | C] (CyberDefender, (www.cyberdefender.com)) -- C:\Windows\System32\roboot.exe
[2012/05/08 13:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC
[2012/05/08 13:25:48 | 000,000,000 | ---D | C] -- C:\Config.msi
[2012/05/08 13:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberDefender
[2012/05/08 13:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\CyberDefender
[2012/05/08 13:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberDefender
[2011/08/31 23:27:53 | 000,319,488 | ---- | C] (Zero G) -- C:\Program Files\exPressit S.E. 2.2.exe
[2011/03/27 21:45:22 | 056,485,696 | ---- | C] (Avery Dennison Corporation) -- C:\Program Files\Avery Wizard 4.0.0.exe
[2011/01/14 00:07:03 | 014,161,784 | ---- | C] (muvee Technologies Pte. Ltd) -- C:\Program Files\HDCamcorderAdd-on_1.0.43.12698_2279.exe
[2010/12/31 01:35:08 | 001,428,558 | ---- | C] (ZScreen ) -- C:\Program Files\ZScreen-3.27.3.1-setup.exe
[2010/12/30 23:57:01 | 000,329,877 | ---- | C] (© 2003 RenderSoft Software, Modifications Copyright © 2008) -- C:\Program Files\CamStudioCodec14.exe
[2010/12/30 23:56:28 | 000,329,877 | ---- | C] (© 2003 RenderSoft Software, Modifications Copyright © 2008) -- C:\Program Files\CamStudioCodec14.exe.part
[2010/12/30 23:44:40 | 003,973,019 | ---- | C] (ZeallSoft, Inc. ) -- C:\Program Files\fscsetup.exe
[2010/11/02 19:21:12 | 000,538,624 | ---- | C] (Freebyte.com) -- C:\Program Files\disktective.exe
[1 C:\Users\Nathan\AppData\Local\*.tmp files -> C:\Users\Nathan\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/30 14:16:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/30 14:10:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2012/05/30 13:47:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/30 13:28:29 | 000,853,862 | ---- | M] () -- C:\Users\Nathan\Desktop\SecurityCheck.exe
[2012/05/30 13:16:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/30 13:15:19 | 000,003,552 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 13:15:19 | 000,003,552 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 13:14:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/30 10:43:19 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Nathan\Desktop\unhide.exe
[2012/05/29 20:00:51 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\CDPCO-CDPCOOneClickCare.job
[2012/05/17 12:21:31 | 000,055,808 | ---- | M] () -- C:\Users\Nathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/15 17:30:38 | 000,921,632 | ---- | M] () -- C:\PA207.DAT
[2012/05/13 09:30:24 | 000,343,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/13 09:03:59 | 000,640,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/13 09:03:59 | 000,118,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/08 13:26:32 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\MyCleanPC PC Optimizer.lnk
[2012/05/08 13:25:37 | 000,001,212 | ---- | M] () -- C:\Users\Public\Desktop\Live PC Help.lnk
[2012/05/04 19:20:41 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/04 19:20:40 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/02 10:18:51 | 001,540,784 | ---- | M] () -- C:\Users\Nathan\Documents\Documents\Registration Form.jpg
[2012/05/01 21:33:02 | 000,012,570 | ---- | M] () -- C:\Users\Nathan\Desktop\Backup of TempDoc3412.wbk
[1 C:\Users\Nathan\AppData\Local\*.tmp files -> C:\Users\Nathan\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/30 13:27:59 | 000,853,862 | ---- | C] () -- C:\Users\Nathan\Desktop\SecurityCheck.exe
[2012/05/08 13:27:53 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\CDPCO-CDPCOOneClickCare.job
[2012/05/08 13:26:32 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\MyCleanPC PC Optimizer.lnk
[2012/05/08 13:25:37 | 000,001,212 | ---- | C] () -- C:\Users\Public\Desktop\Live PC Help.lnk
[2012/05/02 10:01:30 | 001,540,784 | ---- | C] () -- C:\Users\Nathan\Documents\Documents\Registration Form.jpg
[2012/02/03 21:02:01 | 000,000,048 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/12/06 00:17:56 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2011/11/27 14:13:26 | 000,000,605 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
[2011/10/28 14:19:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/28 14:19:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/28 14:19:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/28 14:19:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/28 14:19:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/03 16:10:18 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDChcp.dll
[2011/09/03 16:10:18 | 000,278,528 | ---- | C] () -- C:\Windows\System32\LXDCinst.dll
[2011/09/03 15:50:51 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdccoin.dll
[2011/05/19 21:27:09 | 001,524,112 | ---- | C] () -- C:\Windows\System32\bandoolmx.dll
[2011/02/18 00:04:29 | 000,000,000 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\downloads.m3u
[2011/01/05 18:15:39 | 000,000,029 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\default.rss
[2010/12/30 23:57:26 | 000,034,510 | ---- | C] () -- C:\Program Files\CamStudioCodec14.zip
[2010/12/30 23:55:13 | 000,000,822 | ---- | C] () -- C:\Program Files\CamStudio.lnk
[2010/12/30 23:53:24 | 001,364,995 | ---- | C] () -- C:\Program Files\CamStudio20.exe
[2010/12/21 04:17:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/20 19:27:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/20 19:27:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/12/12 12:56:33 | 000,000,680 | ---- | C] () -- C:\Users\Nathan\AppData\Local\d3d9caps.dat
[2010/12/11 21:04:12 | 000,055,808 | ---- | C] () -- C:\Users\Nathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >

< End of report >

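The OTL report above is where the DNSChanger-style indicators first show up: an `O4` Run entry loading a DLL from the user's `Temp` directory, orphaned autoruns whose target reads "File not found", `O17` DhcpNameServer values on one interface that are public addresses while another interface points at the LAN router, and Firefox `keyword.URL`/homepage prefs redirected to a third-party search host. The following triage script is an added example, not an OTL or BleepingComputer tool; it parses a few of the lines quoted from this log (copied into a constructed sample) and flags those entry shapes for review. It only reports; which public resolvers are legitimate is something the analyst checks against the ISP's published servers.

```python
"""Triage of OTL-style log lines.  Added example for this thread; not an
OTL/BleepingComputer tool.  Flags the entry shapes that stood out in the
report above: autoruns launched from a user's Temp directory, autoruns whose
target is missing, DHCP-assigned name servers outside private address space,
and Firefox search/homepage prefs an analyst should review."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: a handful of lines copied from the OTL report posted above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [otrys] C:\Users\Nathan\AppData\Local\Temp\otrys.dll (DT Soft Ltd.)
O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe" /md I File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38037BE0-BE71-49C4-BD87-B9D462B4176C}: DhcpNameServer = 69.78.96.14 66.174.92.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{380F315D-FE2F-4504-BCE5-B31FDE61F3E0}: DhcpNameServer = 192.168.1.1
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb133/?loc=IB_DS&a=6R8pDoBQaW&&i=26&search="
FF - prefs.js..browser.startup.homepage: "http://www.email.ws/"
FF - prefs.js..browser.search.useDBForOrder: true
"""

# OTL line shapes: "O4 - HKLM..\Run: [name] command", "O17 - key: DhcpNameServer = a b",
# and 'FF - prefs.js..pref: "value"'.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): DhcpNameServer = (?P<servers>[\d. ]+)$")
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "(?P<value>[^"]*)"$')
# A per-user Temp directory is not a normal home for anything in HKLM\..\Run.
USER_TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
# Prefs that search hijackers commonly rewrite (assumed review list, not an OTL setting).
REVIEW_PREFS = {"keyword.URL", "browser.startup.homepage", "browser.search.defaulturl"}


@dataclass(frozen=True)
class Finding:
    kind: str    # short tag for the class of indicator
    detail: str  # the specific value that triggered it
    line: str    # the original log line, for the report


def triage_line(line: str) -> list[Finding]:
    """Return zero or more findings for a single OTL log line."""
    line = line.rstrip()
    findings: list[Finding] = []
    if m := O4_RE.match(line):
        cmd = m.group("cmd")
        if cmd.endswith("File not found"):
            # Orphaned autorun: registry still points at a file that is gone.
            findings.append(Finding("orphaned-autorun", m.group("name"), line))
        elif USER_TEMP_RE.search(cmd):
            findings.append(Finding("autorun-from-user-temp", cmd, line))
    elif m := O17_RE.match(line):
        for server in m.group("servers").split():
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                continue
            if not addr.is_private:
                # Public resolvers are normal for some links; compare against the ISP's.
                findings.append(Finding("public-dns-server", server, line))
    elif m := FF_RE.match(line):
        pref, value = m.group("pref"), m.group("value")
        if pref in REVIEW_PREFS and value.strip():
            host = urlsplit(value).hostname or value
            findings.append(Finding("browser-pref-review", f"{pref} -> {host}", line))
    return findings


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over every line of an OTL report."""
    out: list[Finding] = []
    for line in text.splitlines():
        out.extend(triage_line(line))
    return out


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

On the sample, the avast entry and the router's `192.168.1.1` produce nothing, while the Temp-resident DLL, the orphaned facemoods entry, both public resolvers and the two rewritten Firefox prefs are listed for review.
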
#5 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico

Posted 30 May 2012 - 02:49 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 cedarrabbit (Topic Starter)
Members, 71 posts, Gender: Male

Posted 30 May 2012 - 02:55 PM

Where do I find the .log files?

#7 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico

Posted 30 May 2012 - 03:02 PM

Check to see if it is here:

C:\ComboFix.txt

#8 cedarrabbit (Topic Starter)
Members, 71 posts, Gender: Male

Posted 30 May 2012 - 04:22 PM

ComboFix 12-05-28.05 - Nathan 05/30/2012 15:24:36.3.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.1299 [GMT -5:00]
Running from: c:\users\Nathan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\HDCamcorderAdd-on_1.0.43.12698_2279.exe
c:\program files\somototoolbar\vmNTemplatex.dll
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\ReactivateIE.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\users\Nathan\AppData\Local\Temp\otrys.dll
c:\users\Nathan\AppData\Local\TempDIR
c:\users\Nathan\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\searchplugins\bing-zugo.xml
c:\users\Nathan\g2mdlhlpx.exe
c:\windows\$NtUninstallKB49939$
c:\windows\system32\roboot.exe
.
---- Previous Run -------
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\uninstall.exe
c:\program files\Object
c:\program files\Object\ChromeAddon.pem
c:\program files\Object\chromeaddon\._included.js
c:\program files\Object\chromeaddon\background.html
c:\program files\Object\chromeaddon\included.js
c:\program files\Object\chromeaddon\manifest.json
c:\program files\Object\config.ini
c:\program files\Object\facetheme\build.sh
c:\program files\Object\facetheme\chrome.manifest
c:\program files\Object\facetheme\config_build.sh
c:\program files\Object\facetheme\content\.DS_Store
c:\program files\Object\facetheme\content\firefoxOverlay.xul
c:\program files\Object\facetheme\content\installid.js
c:\program files\Object\facetheme\content\overlay.js
c:\program files\Object\facetheme\content\sudoku.js
c:\program files\Object\facetheme\defaults\.DS_Store
c:\program files\Object\facetheme\defaults\preferences\._sudoku.js
c:\program files\Object\facetheme\defaults\preferences\.DS_Store
c:\program files\Object\facetheme\defaults\preferences\sudoku.js
c:\program files\Object\facetheme\files
c:\program files\Object\facetheme\install.rdf
c:\program files\Object\facetheme\locale\.DS_Store
c:\program files\Object\facetheme\locale\en-US\.DS_Store
c:\program files\Object\facetheme\locale\en-US\sudoku.dtd
c:\program files\Object\facetheme\locale\en-US\sudoku.properties
c:\program files\Object\facetheme\readme.txt
c:\program files\Object\facetheme\skin\overlay.css
c:\program files\Object\facetheme_uninstall.exe
c:\program files\Object\status.txt
c:\program files\Object\status2.txt
c:\programdata\ntuser.dat
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\windows\system32\Thumbs.db
E:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 20:42 . 2012-05-30 20:46 -------- d-----w- c:\users\Nathan\AppData\Local\temp
2012-05-30 20:42 . 2012-05-30 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 21:04 . 2012-05-29 21:04 -------- d-----w- c:\users\Nathan\AppData\Local\{B1CA2591-A9D1-11E1-8270-B8AC6F996F26}
2012-05-29 13:26 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B05DB24-6E90-41FC-BF09-A5F0040B3FFA}\mpengine.dll
2012-05-15 01:26 . 2012-05-15 01:26 -------- d-----w- c:\program files\Common Files\Skype
2012-05-12 13:48 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 13:21 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 13:21 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-12 13:21 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 13:21 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-12 13:21 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 13:21 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-12 13:21 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-12 13:21 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-12 13:21 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 13:21 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 13:21 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-08 18:27 . 2012-05-08 18:27 -------- d-----w- c:\users\Nathan\AppData\Roaming\CyberDefender
2012-05-08 18:25 . 2012-05-08 18:25 -------- d-----w- c:\program files\Common Files\CyberDefender
2012-05-08 18:25 . 2012-05-08 18:26 -------- d-----w- c:\program files\CyberDefender
2012-05-08 18:21 . 2012-05-08 18:48 -------- d-----w- c:\programdata\CyberDefender
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 00:20 . 2012-04-04 20:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 00:20 . 2011-05-18 16:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 05:55 . 2011-08-29 16:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-06 23:15 . 2012-01-27 05:29 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-01-27 05:29 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2012-01-27 05:30 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2012-01-27 05:30 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-01-27 05:30 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2012-01-27 05:30 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-01-27 05:30 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-01-27 05:31 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-27 17:10 . 2010-11-03 00:21 538624 ----a-w- c:\program files\disktective.exe
2011-03-28 02:54 . 2011-03-28 02:45 56485696 ----a-w- c:\program files\Avery Wizard 4.0.0.exe
2010-12-31 06:35 . 2010-12-31 06:35 1428558 ----a-w- c:\program files\ZScreen-3.27.3.1-setup.exe
2010-12-31 04:57 . 2010-12-31 04:57 329877 ----a-w- c:\program files\CamStudioCodec14.exe
2010-12-31 04:56 . 2010-12-31 04:56 329877 ----a-w- c:\program files\CamStudioCodec14.exe.part
2010-12-31 04:54 . 2010-12-31 04:53 1364995 ----a-w- c:\program files\CamStudio20.exe
2010-12-31 04:47 . 2010-12-31 04:44 3973019 ----a-w- c:\program files\fscsetup.exe
2008-06-21 19:56 . 2011-09-01 04:27 319488 ----a-w- c:\program files\exPressit S.E. 2.2.exe
2012-04-26 12:40 . 2011-04-21 14:19 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"Akamai NetSession Interface"="c:\users\Nathan\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-29 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-29 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-29 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"NDSTray.exe"="NDSTray.exe" [BU]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-18 421888]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-12 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-15 530552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-24 1862144]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-11 323584]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-04 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-02 296056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg&inst=NzctNzU2MjE2NDM4LVFJWDErMy1GTDEwKzEtRERUKzAtREQxMEYrMS1TVDEwRkFQUCsxLUwxME0rMS1GMTBNMTJBTisyMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMS1FVUxBKzEtU1QxMkZBUFArMS1TVEYxME0xMkFVRisxLVNUMTJPSSsx&prod=92&ver=2012.0.1834&mid=52ebd8913c7d47d68c77d1e9931b1676-79e73704745bd3e2dcb3c08a0647211abcff1094" [?]
.
c:\users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:21]
.
2012-05-30 c:\windows\Tasks\CDPCO-CDPCOOneClickCare.job
- c:\program files\CyberDefender\PC Optimizer\CDPCO.exe [2012-05-08 16:46]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 16:14]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 16:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb133?a=6R8pDoBQaW&i=26
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 69.78.96.14 66.174.92.14
FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://www.email.ws/
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb133/?loc=IB_DS&a=6R8pDoBQaW&&i=26&search=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 02e9ec6900000000000000a0d5ffff85
FF - user.js: extensions.BabylonToolbar_i.hardId - 02e9ec6900000000000000a0d5ffff85
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15366
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - d:\malwarebytes' anti-malware\mbam.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????q??R??????^?8?^?p?^???^???
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.avgmfx86]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}"=hex:51,66,7a,6c,4c,1d,38,12,4a,94,5d,
df,2a,bb,93,08,e3,6a,3b,f5,24,5d,8e,ad
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{64182481-4F71-486B-A045-B233BD0DA8FC}"=hex:51,66,7a,6c,4c,1d,38,12,ef,27,0b,
60,43,01,05,0d,df,53,f1,73,b8,53,ec,e8
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{929801A8-4AEF-4D12-BE31-D85BF666452B}"=hex:51,66,7a,6c,4c,1d,38,12,c6,02,8b,
96,dd,04,7c,08,c1,27,9b,1b,f3,38,01,3f
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:eb,6a,52,be,8c,92,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cobian Backup 10\cbVSCService.exe
c:\program files\CyberDefender\PC Optimizer\CDPCODefragSrv.exe
c:\program files\CyberDefender\SchedulerService\SchedulerService.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe
c:\windows\system32\lxdccoms.exe
c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files\WD\WD Anywhere Backup\MemeoBackup.exe
c:\program files\Memeo\AutoBackup\InstantBackup.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2012-05-30 16:05:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-30 21:05
.
Pre-Run: 120,687,366,144 bytes free
Post-Run: 121,042,669,568 bytes free
.
- - End Of File - - 75A401B9B046E779D017A76798E64988

No problems so far. Got "Illegal operation attempted on a registry key that has been marked for deletion." but restarted and got online ok.
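The ComboFix log above is where a DNSChanger-style infection would actually be visible: the `TCP: DhcpNameServer` line lists the resolvers the machine is using, and the `uStart Page` / `keyword.URL` lines show where the browser's start page and search box have been pointed. The script below is an added example, not ComboFix's code and not part of this thread. It pulls those lines out of a log and checks them: resolvers are tested against the rogue DNS ranges the FBI published for the DNSChanger botnet in November 2011 (public reference data, not taken from this page; re-check it against a current source), and homepage and keyword-search URLs are compared with an allow-list of search domains that is an assumption of the example. The sample lines are constructed to mirror the formats in the log above.

```python
"""Check the DNS and browser indicators in a ComboFix log.

Added example: not ComboFix code and not from the thread.  Two places in a
ComboFix 'Supplementary Scan' are where DNSChanger-style tampering shows up:
the 'TCP: DhcpNameServer' line (the resolvers the machine is using) and the
start-page / search URL lines (browser search hijacks such as Incredibar).
"""
import ipaddress
import re
from urllib.parse import urlparse

# Rogue resolver ranges published by the FBI for the DNSChanger botnet
# (Operation Ghost Click, November 2011).  Public reference data, not from
# this page; refresh it from a current source before relying on it.
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

# Assumption of this example: the only hosts a homepage or keyword-search URL
# is allowed to point at.  Adjust per site policy.
TRUSTED_SEARCH = {"www.google.com", "google.com", "www.bing.com", "bing.com"}

DNS_RE = re.compile(r"^TCP:\s*DhcpNameServer\s*=\s*(.+)$")
# 'uStart Page = hxxp://...' and the other IE-side URL settings
IE_RE = re.compile(r"^(uStart Page|uDefault_Search_URL|uSearchAssistant)\s*=\s*(hxxp\S*)")
# 'FF - prefs.js: keyword.URL - hxxp://...'
FF_RE = re.compile(r"^FF - prefs\.js: (browser\.startup\.homepage|keyword\.URL) - (hxxp\S*)")


def parse_dns_servers(lines):
    """Resolver addresses listed on 'TCP: DhcpNameServer = a b ...' lines."""
    servers = []
    for line in lines:
        m = DNS_RE.match(line.strip())
        if not m:
            continue
        for tok in m.group(1).split():
            try:
                servers.append(ipaddress.ip_address(tok))
            except ValueError:
                pass  # not an IP literal; ignore
    return servers


def rogue_resolvers(lines):
    """Resolvers that fall inside a known DNSChanger range, as strings."""
    return [str(ip) for ip in parse_dns_servers(lines)
            if any(ip in net for net in DNSCHANGER_RANGES)]


def defanged_host(url):
    """ComboFix writes hxxp:// so the URL is not clickable; undo that to parse it."""
    return urlparse(url.replace("hxxp", "http", 1)).hostname or ""


def hijacked_urls(lines, trusted=TRUSTED_SEARCH):
    """(setting, host) pairs whose host is outside the trusted search domains."""
    hits = []
    for line in lines:
        m = IE_RE.match(line.strip()) or FF_RE.match(line.strip())
        if not m:
            continue
        host = defanged_host(m.group(2))
        if host and host not in trusted:
            hits.append((m.group(1), host))
    return hits


# Constructed sample lines in the formats ComboFix uses (values copied from
# the log posted above, plus one invented resolver inside a rogue range).
SAMPLE_LOG = """\
uStart Page = hxxp://mystart.incredibar.com/mb133?a=6R8pDoBQaW&i=26
uDefault_Search_URL = hxxp://www.google.com/ie
TCP: DhcpNameServer = 69.78.96.14 66.174.92.14
FF - prefs.js: browser.startup.homepage - hxxp://www.email.ws/
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb133/?loc=IB_DS&a=6R8pDoBQaW&&i=26&search=
""".splitlines()
SAMPLE_ROGUE = ["TCP: DhcpNameServer = 85.255.112.36 8.8.8.8"]  # constructed

if __name__ == "__main__":
    print("rogue resolvers:", rogue_resolvers(SAMPLE_LOG) or "none")
    print("rogue resolvers (constructed sample):", rogue_resolvers(SAMPLE_ROGUE))
    for setting, host in hijacked_urls(SAMPLE_LOG):
        print(f"{setting} points at untrusted host {host}")
```

Run against the values in the log above, the two resolvers (69.78.96.14, 66.174.92.14) fall outside the published rogue ranges, so the DHCP-assigned DNS settings on this machine are not what the Avast "DNSChanger" alert refers to; the visible tampering is the Incredibar start/keyword URLs and the www.email.ws homepage. The resolver check is only as good as the range list, which is why the list is kept as a single table at the top rather than baked into the logic.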

#9 cedarrabbit (Topic Starter, Members, 71 posts)

Posted 30 May 2012 - 05:24 PM

My anti-virus program has stopped announcing the trojans being blocked. I suppose this means they are gone?

#10 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto rico)

Posted 30 May 2012 - 09:43 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
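Once TDSSKiller has written its log, the lines worth acting on sit among hundreds of `name - ok` entries. The parser below is an added example, not TDSSKiller's own code and not part of this thread. It reads a report in the format TDSSKiller prints (timestamp, PID, then an object line with the MD5 and path, a verdict line, and a `Suspicious file` line for hidden or unsigned objects) and returns the entries a human should look at: anything detected, anything flagged suspicious, and any service whose verdict came without an image path. The sample report is constructed from the line formats posted later in this thread.

```python
"""Triage a TDSSKiller report.

Added example; not TDSSKiller's code and not from the thread.  For every
driver/service TDSSKiller prints '<ts> <pid> NAME (MD5) PATH', then a verdict
'NAME - ok' or 'NAME - detected CLASS (n)'.  Hidden or unsigned files get an
extra 'Suspicious file (KIND): PATH. md5: MD5' line.  Services whose image
cannot be hashed get only the verdict line.
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")   # strip timestamp and pid
OBJ_RE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")      # NAME (MD5) PATH
VERDICT_RE = re.compile(r"^(\S+)\s+-\s+(ok|detected\s+(\S+)\s*\(\d+\))$")
SUSP_RE = re.compile(r"^Suspicious file \(([^)]+)\):\s+(.+?)\.\s+md5:\s+([0-9a-f]{32})$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = "unknown"                   # 'ok', a detection class, or 'unknown'
    flags: list = field(default_factory=list)  # e.g. ['Hidden']


def parse_report(text):
    """Map service/driver name -> Entry for every object in the report."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                            # banner, drive table, blank line
        body = m.group(1)
        obj = OBJ_RE.match(body)
        if obj:
            name, md5, path = obj.groups()
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = md5, path
            continue
        susp = SUSP_RE.match(body)
        if susp:
            kind, _path, md5 = susp.groups()
            for e in entries.values():          # tie the flag to the object by hash
                if e.md5 == md5:
                    e.flags.append(kind)
            continue
        verdict = VERDICT_RE.match(body)
        if verdict:
            name, label, cls = verdict.groups()
            e = entries.setdefault(name, Entry(name))
            e.verdict = "ok" if label == "ok" else cls
    return entries


def findings(entries):
    """Entries a human should look at: not 'ok', flagged suspicious, or no image path."""
    return sorted((e for e in entries.values()
                   if e.verdict != "ok" or e.flags or not e.path),
                  key=lambda e: e.name)


# Constructed sample in TDSSKiller's line format (values mirror the report
# posted later in this thread).
SAMPLE_REPORT = r"""
08:10:52.0609 3616 Scan started
08:10:55.0167 3616 .avgmfx86 - ok
08:10:55.0386 3616 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:10:55.0401 3616 ACPI - ok
08:10:57.0195 3616 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files\common files\akamai/netsession_win_80c2ffa.dll
08:10:57.0195 3616 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
08:10:57.0195 3616 Akamai ( HiddenFile.Multi.Generic ) - warning
08:10:57.0195 3616 Akamai - detected HiddenFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for e in findings(parse_report(SAMPLE_REPORT)):
        print(f"{e.name}: verdict={e.verdict} flags={e.flags} "
              f"md5={e.md5 or '-'} path={e.path or '-'}")
```

Two entries surface from the sample. `.avgmfx86` is reported "ok" but has no image path, which matches the ComboFix dump above where that service's `ImagePath` is `\*`: a service entry with nothing behind it, worth cross-checking rather than ignoring. The Akamai NetSession DLL is hidden and carries a generic `HiddenFile.Multi.Generic` verdict; the parser cannot decide whether that is legitimate, which is why it hands back the MD5 so it can be looked up before anything is cured or deleted.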

#11 cedarrabbit (Topic Starter, Members, 71 posts)

Posted 31 May 2012 - 08:46 AM

08:10:26.0816 5548 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:10:26.0880 5548 ============================================================
08:10:26.0880 5548 Current date / time: 2012/05/31 08:10:26.0880
08:10:26.0880 5548 SystemInfo:
08:10:26.0880 5548
08:10:26.0880 5548 OS Version: 6.0.6002 ServicePack: 2.0
08:10:26.0880 5548 Product type: Workstation
08:10:26.0881 5548 ComputerName: NATHAN-PC
08:10:26.0881 5548 UserName: Nathan
08:10:26.0881 5548 Windows directory: C:\Windows
08:10:26.0881 5548 System windows directory: C:\Windows
08:10:26.0881 5548 Processor architecture: Intel x86
08:10:26.0881 5548 Number of processors: 1
08:10:26.0881 5548 Page size: 0x1000
08:10:26.0881 5548 Boot type: Normal boot
08:10:26.0881 5548 ============================================================
08:10:29.0086 5548 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:10:29.0092 5548 Drive \Device\Harddisk1\DR1 - Size: 0x746F100000 (465.74 Gb), SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:10:29.0388 5548 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1115E00 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:10:29.0399 5548 ============================================================
08:10:29.0399 5548 \Device\Harddisk0\DR0:
08:10:29.0399 5548 MBR partitions:
08:10:29.0399 5548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1CED6800
08:10:29.0399 5548 \Device\Harddisk1\DR1:
08:10:29.0400 5548 MBR partitions:
08:10:29.0400 5548 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A378000
08:10:29.0400 5548 \Device\Harddisk2\DR2:
08:10:29.0408 5548 MBR partitions:
08:10:29.0408 5548 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E074C1
08:10:29.0408 5548 ============================================================
08:10:29.0442 5548 C: <-> \Device\Harddisk0\DR0\Partition0
08:10:29.0639 5548 G: <-> \Device\Harddisk2\DR2\Partition0
08:10:29.0701 5548 H: <-> \Device\Harddisk1\DR1\Partition0
08:10:29.0701 5548 ============================================================
08:10:29.0701 5548 Initialize success
08:10:29.0701 5548 ============================================================
08:10:52.0609 3616 ============================================================
08:10:52.0609 3616 Scan started
08:10:52.0609 3616 Mode: Manual;
08:10:52.0609 3616 ============================================================
08:10:57.0195 3616 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files\common files\akamai/netsession_win_80c2ffa.dll
08:10:57.0195 3616 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
08:10:57.0195 3616 Akamai ( HiddenFile.Multi.Generic ) - warning
08:10:57.0195 3616 Akamai - detected HiddenFile.Multi.Generic (1)
08:11:31.0375 3616 RDPENCDD - ok
08:11:31.0500 3616 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
08:11:31.0515 3616 RDPWD - ok
08:11:31.0578 3616 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
08:11:31.0578 3616 RemoteAccess - ok
08:11:31.0624 3616 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
08:11:31.0671 3616 RemoteRegistry - ok
08:11:31.0983 3616 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
08:11:31.0999 3616 RpcLocator - ok
08:11:32.0919 3616 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
08:11:32.0919 3616 RpcSs - ok
08:11:33.0075 3616 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
08:11:33.0091 3616 rspndr - ok
08:11:33.0200 3616 RTL8169 (455f7f7974211ea11b81f0f4e528e258) C:\Windows\system32\DRIVERS\Rtlh86.sys
08:11:33.0200 3616 RTL8169 - ok
08:11:33.0231 3616 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
08:11:33.0247 3616 SamSs - ok
08:11:33.0340 3616 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
08:11:33.0340 3616 sbp2port - ok
08:11:33.0418 3616 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
08:11:33.0450 3616 SCardSvr - ok
08:11:33.0512 3616 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
08:11:33.0543 3616 Schedule - ok
08:11:33.0590 3616 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
08:11:33.0590 3616 SCPolicySvc - ok
08:11:33.0684 3616 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
08:11:33.0684 3616 sdbus - ok
08:11:33.0715 3616 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
08:11:33.0746 3616 SDRSVC - ok
08:11:33.0980 3616 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
08:11:33.0980 3616 SeagateDashboardService - ok
08:11:34.0089 3616 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:11:34.0105 3616 secdrv - ok
08:11:34.0245 3616 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
08:11:34.0245 3616 seclogon - ok
08:11:34.0604 3616 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
08:11:34.0604 3616 SENS - ok
08:11:34.0744 3616 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
08:11:34.0744 3616 Serenum - ok
08:11:34.0978 3616 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
08:11:34.0994 3616 Serial - ok
08:11:35.0197 3616 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
08:11:35.0197 3616 sermouse - ok
08:11:35.0384 3616 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
08:11:35.0400 3616 SessionEnv - ok
08:11:35.0665 3616 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
08:11:35.0665 3616 sffdisk - ok
08:11:35.0836 3616 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
08:11:35.0836 3616 sffp_mmc - ok
08:11:36.0008 3616 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
08:11:36.0008 3616 sffp_sd - ok
08:11:36.0164 3616 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
08:11:36.0164 3616 sfloppy - ok
08:11:36.0382 3616 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
08:11:36.0382 3616 SharedAccess - ok
08:11:36.0460 3616 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
08:11:36.0476 3616 ShellHWDetection - ok
08:11:36.0523 3616 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
08:11:36.0523 3616 sisagp - ok
08:11:36.0554 3616 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
08:11:36.0554 3616 SiSRaid2 - ok
08:11:36.0632 3616 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
08:11:36.0632 3616 SiSRaid4 - ok
08:11:36.0897 3616 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
08:11:36.0913 3616 SkypeUpdate - ok
08:11:37.0568 3616 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
08:11:37.0677 3616 slsvc - ok
08:11:37.0927 3616 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
08:11:37.0942 3616 SLUINotify - ok
08:11:38.0067 3616 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
08:11:38.0083 3616 Smb - ok
08:11:38.0223 3616 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
08:11:38.0223 3616 SMSIVZAM5 - ok
08:11:38.0410 3616 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
08:11:38.0426 3616 SNMPTRAP - ok
08:11:38.0473 3616 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
08:11:38.0488 3616 spldr - ok
08:11:38.0629 3616 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
08:11:38.0644 3616 Spooler - ok
08:11:38.0988 3616 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
08:11:39.0019 3616 srv - ok
08:11:39.0159 3616 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
08:11:39.0175 3616 srv2 - ok
08:11:39.0284 3616 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
08:11:39.0284 3616 srvnet - ok
08:11:39.0643 3616 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
08:11:39.0658 3616 SSDPSRV - ok
08:11:40.0251 3616 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
08:11:40.0267 3616 SstpSvc - ok
08:11:40.0704 3616 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
08:11:40.0735 3616 stisvc - ok
08:11:41.0047 3616 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
08:11:41.0047 3616 swenum - ok
08:11:41.0265 3616 swmsflt (150ab4fa272130ec55b2a4faebdf47f9) C:\Windows\System32\drivers\swmsflt.sys
08:11:41.0265 3616 swmsflt - ok
08:11:41.0437 3616 SWMX00 (a56848914c78093a1ec84a6ce424c7bf) C:\Windows\system32\DRIVERS\swmx00.sys
08:11:41.0437 3616 SWMX00 - ok
08:11:41.0686 3616 SWNC5E00 (f797787d579e1a9396d2e416240a2259) C:\Windows\system32\DRIVERS\SWNC5E00.sys
08:11:41.0686 3616 SWNC5E00 - ok
08:11:41.0764 3616 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
08:11:41.0796 3616 swprv - ok
08:11:41.0936 3616 Swupdtmr (327786c5d6bcf284fab14c2b5751f514) c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
08:11:41.0936 3616 Swupdtmr - ok
08:11:41.0983 3616 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
08:11:42.0014 3616 Symc8xx - ok
08:11:42.0045 3616 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
08:11:42.0045 3616 Sym_hi - ok
08:11:42.0076 3616 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
08:11:42.0108 3616 Sym_u3 - ok
08:11:42.0217 3616 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
08:11:42.0248 3616 SysMain - ok
08:11:42.0310 3616 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
08:11:42.0342 3616 TabletInputService - ok
08:11:42.0404 3616 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
08:11:42.0435 3616 TapiSrv - ok
08:11:42.0607 3616 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
08:11:42.0638 3616 TBS - ok
08:11:43.0059 3616 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
08:11:43.0090 3616 Tcpip - ok
08:11:43.0168 3616 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
08:11:43.0184 3616 Tcpip6 - ok
08:11:43.0246 3616 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
08:11:43.0246 3616 tcpipreg - ok
08:11:43.0371 3616 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
08:11:43.0371 3616 tdcmdpst - ok
08:11:43.0512 3616 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
08:11:43.0512 3616 TDPIPE - ok
08:11:43.0636 3616 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
08:11:43.0636 3616 TDTCP - ok
08:11:43.0839 3616 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
08:11:43.0839 3616 tdx - ok
08:11:43.0933 3616 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
08:11:43.0933 3616 TermDD - ok
08:11:44.0026 3616 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
08:11:44.0042 3616 TermService - ok
08:11:44.0136 3616 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
08:11:44.0136 3616 Themes - ok
08:11:44.0276 3616 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
08:11:44.0276 3616 THREADORDER - ok
08:11:44.0432 3616 tifm21 (f779ba4cd37963ab4600c9871b7752a3) C:\Windows\system32\drivers\tifm21.sys
08:11:44.0432 3616 tifm21 - ok
08:11:44.0557 3616 TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
08:11:44.0572 3616 TODDSrv - ok
08:11:44.0760 3616 TosCoSrv (af41337c08d1c240af14ba4cab02bf02) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
08:11:44.0775 3616 TosCoSrv - ok
08:11:44.0838 3616 TOSHIBA Bluetooth Service (76148c3159718b701252f87b067904a6) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
08:11:44.0838 3616 TOSHIBA Bluetooth Service - ok
08:11:44.0869 3616 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\drivers\Tosrfcom.sys
08:11:44.0884 3616 Tosrfcom - ok
08:11:45.0087 3616 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
08:11:45.0103 3616 TrkWks - ok
08:11:45.0196 3616 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
08:11:45.0196 3616 TrustedInstaller - ok
08:11:45.0243 3616 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:11:45.0243 3616 tssecsrv - ok
08:11:45.0664 3616 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
08:11:45.0664 3616 tunmp - ok
08:11:45.0805 3616 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
08:11:45.0805 3616 tunnel - ok
08:11:45.0961 3616 TVALZ (521c5f39829875adf5466dd94c6282c7) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
08:11:45.0961 3616 TVALZ - ok
08:11:45.0992 3616 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
08:11:46.0008 3616 uagp35 - ok
08:11:46.0226 3616 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
08:11:46.0242 3616 udfs - ok
08:11:46.0335 3616 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
08:11:46.0351 3616 UI0Detect - ok
08:11:46.0632 3616 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
08:11:46.0632 3616 UleadBurningHelper - ok
08:11:46.0678 3616 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
08:11:46.0678 3616 uliagpkx - ok
08:11:46.0866 3616 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
08:11:46.0881 3616 uliahci - ok
08:11:46.0990 3616 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
08:11:46.0990 3616 UlSata - ok
08:11:47.0302 3616 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
08:11:47.0302 3616 ulsata2 - ok
08:11:47.0396 3616 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
08:11:47.0396 3616 umbus - ok
08:11:47.0536 3616 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
08:11:47.0568 3616 upnphost - ok
08:11:47.0661 3616 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
08:11:47.0661 3616 usbaudio - ok
08:11:47.0848 3616 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
08:11:47.0848 3616 usbccgp - ok
08:11:48.0285 3616 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
08:11:48.0285 3616 usbcir - ok
08:11:48.0394 3616 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
08:11:48.0394 3616 usbehci - ok
08:11:48.0457 3616 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
08:11:48.0488 3616 usbhub - ok
08:11:48.0582 3616 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
08:11:48.0582 3616 usbohci - ok
08:11:48.0706 3616 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
08:11:48.0706 3616 usbprint - ok
08:11:48.0878 3616 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
08:11:48.0878 3616 usbscan - ok
08:11:49.0050 3616 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:11:49.0050 3616 USBSTOR - ok
08:11:49.0299 3616 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
08:11:49.0299 3616 usbuhci - ok
08:11:49.0627 3616 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
08:11:49.0627 3616 usbvideo - ok
08:11:49.0908 3616 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
08:11:49.0908 3616 UxSms - ok
08:11:50.0266 3616 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
08:11:50.0298 3616 vds - ok
08:11:50.0594 3616 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
08:11:50.0594 3616 vga - ok
08:11:51.0031 3616 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
08:11:51.0031 3616 VgaSave - ok
08:11:51.0327 3616 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
08:11:51.0327 3616 viaagp - ok
08:11:51.0390 3616 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
08:11:51.0390 3616 ViaC7 - ok
08:11:51.0639 3616 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
08:11:51.0639 3616 viaide - ok
08:11:51.0780 3616 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
08:11:51.0780 3616 volmgr - ok
08:11:51.0920 3616 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
08:11:51.0936 3616 volmgrx - ok
08:11:52.0123 3616 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
08:11:52.0123 3616 volsnap - ok
08:11:52.0263 3616 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
08:11:52.0263 3616 vsmraid - ok
08:11:52.0435 3616 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
08:11:52.0544 3616 VSS - ok
08:11:52.0778 3616 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
08:11:52.0794 3616 W32Time - ok
08:11:52.0965 3616 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
08:11:52.0965 3616 WacomPen - ok
08:11:53.0199 3616 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:11:53.0199 3616 Wanarp - ok
08:11:53.0246 3616 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:11:53.0246 3616 Wanarpv6 - ok
08:11:53.0402 3616 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
08:11:53.0433 3616 wcncsvc - ok
08:11:53.0667 3616 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
08:11:53.0792 3616 WcsPlugInService - ok
08:11:53.0979 3616 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
08:11:53.0995 3616 Wd - ok
08:11:54.0198 3616 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
08:11:54.0198 3616 WDC_SAM - ok
08:11:54.0369 3616 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
08:11:54.0400 3616 Wdf01000 - ok
08:11:54.0478 3616 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
08:11:54.0494 3616 WdiServiceHost - ok
08:11:54.0510 3616 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
08:11:54.0525 3616 WdiSystemHost - ok
08:11:54.0603 3616 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
08:11:54.0619 3616 WebClient - ok
08:11:54.0697 3616 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
08:11:54.0728 3616 Wecsvc - ok
08:11:54.0868 3616 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
08:11:54.0884 3616 wercplsupport - ok
08:11:55.0071 3616 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
08:11:55.0134 3616 WerSvc - ok
08:11:55.0368 3616 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
08:11:55.0383 3616 WinDefend - ok
08:11:55.0477 3616 WinHttpAutoProxySvc - ok
08:11:55.0602 3616 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
08:11:55.0617 3616 Winmgmt - ok
08:11:55.0820 3616 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
08:11:55.0898 3616 WinRM - ok
08:11:56.0148 3616 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
08:11:56.0179 3616 Wlansvc - ok
08:11:56.0600 3616 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
08:11:56.0600 3616 WmiAcpi - ok
08:11:57.0084 3616 WmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
08:11:57.0099 3616 WmiApSrv - ok
08:11:57.0520 3616 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:11:57.0552 3616 WMPNetworkSvc - ok
08:11:57.0864 3616 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
08:11:57.0879 3616 WPCSvc - ok
08:11:58.0191 3616 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
08:11:58.0222 3616 WPDBusEnum - ok
08:11:58.0534 3616 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
08:11:58.0534 3616 WpdUsb - ok
08:11:58.0940 3616 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:11:58.0971 3616 WPFFontCache_v0400 - ok
08:11:59.0174 3616 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
08:11:59.0174 3616 ws2ifsl - ok
08:11:59.0377 3616 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
08:11:59.0392 3616 wscsvc - ok
08:11:59.0455 3616 WSearch - ok
08:11:59.0860 3616 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
08:11:59.0954 3616 wuauserv - ok
08:12:00.0438 3616 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:12:00.0438 3616 WUDFRd - ok
08:12:00.0734 3616 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
08:12:00.0765 3616 wudfsvc - ok
08:12:01.0030 3616 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
08:12:02.0122 3616 \Device\Harddisk0\DR0 - ok
08:12:02.0138 3616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:12:02.0154 3616 \Device\Harddisk1\DR1 - ok
08:12:02.0154 3616 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
08:12:02.0154 3616 \Device\Harddisk2\DR2 - ok
08:12:02.0169 3616 Boot (0x1200) (94298a7e584e5a2ee31a0eb3c1ba8f6d) \Device\Harddisk0\DR0\Partition0
08:12:02.0169 3616 \Device\Harddisk0\DR0\Partition0 - ok
08:12:02.0263 3616 Boot (0x1200) (7c7f268a9f756b0afe78e8f98f1fdf96) \Device\Harddisk1\DR1\Partition0
08:12:02.0278 3616 \Device\Harddisk1\DR1\Partition0 - ok
08:12:02.0278 3616 Boot (0x1200) (639a35462c9965112d198cc3c51b4902) \Device\Harddisk2\DR2\Partition0
08:12:02.0294 3616 \Device\Harddisk2\DR2\Partition0 - ok
08:12:02.0294 3616 ============================================================
08:12:02.0294 3616 Scan finished
08:12:02.0294 3616 ============================================================
08:12:02.0310 3972 Detected object count: 1
08:12:02.0310 3972 Actual detected object count: 1
08:16:57.0994 3972 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
08:16:57.0994 3972 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

#12 cedarrabbit

cedarrabbit
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male

Posted 31 May 2012 - 08:50 AM

I ran aswMBR. It did not ask to download extra definitions. I started the scan and it was running but seems to have stalled as there is no movement now for about 15 minutes. It stopped on this: Scanning: C:\Users\Nathan\AppData\Local\Babylon\Setup\sqlite3.dll

#13 cedarrabbit

cedarrabbit
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male

Posted 31 May 2012 - 09:37 AM

It still hadn't moved an hour later so I went ahead and clicked on "save log".

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-31 08:24:03
-----------------------------
08:24:03.608 OS Version: Windows 6.0.6002 Service Pack 2
08:24:03.608 Number of processors: 1 586 0x1601
08:24:03.608 ComputerName: NATHAN-PC UserName: Nathan
08:24:19.577 Initialize success
08:24:21.184 AVAST engine defs: 12053100
08:25:57.205 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:25:57.299 Disk 0 Vendor: WDC_WD2500BEVS-00VAT0 11.01A11 Size: 238475MB BusType: 3
08:25:57.314 Disk 0 MBR read successfully
08:25:57.470 Disk 0 MBR scan
08:25:57.470 Disk 0 Windows VISTA default MBR code
08:25:57.533 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
08:25:57.595 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 236973 MB offset 3074048
08:25:57.626 Disk 0 scanning sectors +488394752
08:25:57.876 Disk 0 scanning C:\Windows\system32\drivers
08:26:14.958 Service scanning
08:26:16.112 Service .avgmfx86 \* **LOCKED** 123
08:26:49.794 Modules scanning
08:27:02.570 Disk 0 trace - called modules:
08:27:02.617 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
08:27:02.617 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86242ac8]
08:27:02.632 3 CLASSPNP.SYS[88da58b3] -> nt!IofCallDriver -> [0x85068398]
08:27:02.632 5 acpi.sys[8364a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85058b98]
08:27:04.146 AVAST engine scan C:\Windows
08:27:09.309 AVAST engine scan C:\Windows\system32
08:31:15.676 AVAST engine scan C:\Windows\system32\drivers
08:32:02.838 AVAST engine scan C:\Users\Nathan
09:34:27.533 Disk 0 MBR has been saved successfully to "C:\Users\Nathan\Desktop\MBR.dat"
09:34:27.611 The log file has been saved successfully to "C:\Users\Nathan\Desktop\aswMBR.txt"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 May 2012 - 09:12 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

FireFox::
FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb133/?loc=IB_DS&a=6R8pDoBQaW&&i=26&search=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 02e9ec6900000000000000a0d5ffff85
FF - user.js: extensions.BabylonToolbar_i.hardId - 02e9ec6900000000000000a0d5ffff85
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15366
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
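The FireFox:: entries in the CFScript above are the fingerprint of the incredibar/Babylon search hijack: keyword.URL redirected to a third-party host plus a block of extensions.BabylonToolbar_i.* prefs. As an added example (not from the thread, and not part of ComboFix or any BleepingComputer tool), this Python script reads a raw Firefox prefs.js or user.js, reports those two indicators, and strips the flagged prefs; the allowed-host list and the sample prefs file are constructed assumptions.

```python
"""Flag and strip Firefox search-hijack prefs (added example, not ComboFix).

Works on raw prefs.js / user.js lines of the form
    user_pref("pref.name", "string value");   or   user_pref("pref.name", 123);
and reports the two indicators the CFScript above removes.
"""
import re
import sys
from urllib.parse import urlparse

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Assumption: hosts a stock Firefox may legitimately place in keyword.URL.
ALLOWED_KEYWORD_HOSTS = {"www.google.com", "google.com", "search.mozilla.org"}

# Pref-name prefixes that identify the toolbar seen in the thread.
HIJACK_PREFIXES = ("extensions.BabylonToolbar_i.",)

# Constructed sample user.js carrying the values shown in the CFScript
# (the URL is kept defanged with hxxp, as in the thread).
SAMPLE_USER_JS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb133/?loc=IB_DS&a=6R8pDoBQaW&&i=26&search=");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100486");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.instlDay", 15366);
"""


def parse_prefs(text):
    """Return {name: value} for every user_pref line; string values are unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def find_hijack_indicators(prefs):
    """Return [(pref_name, reason)] for a redirected keyword.URL and toolbar prefs."""
    findings = []
    keyword_url = prefs.get("keyword.URL")
    if keyword_url:
        host = urlparse(keyword_url).hostname or ""
        if host not in ALLOWED_KEYWORD_HOSTS:
            findings.append(("keyword.URL", f"address-bar search redirected to {host}"))
    for name in sorted(prefs):
        if name.startswith(HIJACK_PREFIXES):
            findings.append((name, "Babylon toolbar pref"))
    return findings


def strip_hijack_prefs(text):
    """Return the prefs text with every flagged pref line removed; other lines kept."""
    flagged = {name for name, _ in find_hijack_indicators(parse_prefs(text))}
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in flagged:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    # Usage: python this.py [path\to\profile\user.js]; defaults to the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_USER_JS
    for name, reason in find_hijack_indicators(parse_prefs(text)):
        print(f"{name}: {reason}")
```

Run it against the profile path the ComboFix log names (Profiles\5pr7o2r9.default\user.js and prefs.js) with Firefox closed, since Firefox rewrites prefs.js on exit.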

#15 cedarrabbit

cedarrabbit
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male

Posted 01 June 2012 - 06:45 AM

ComboFix 12-05-28.05 - Nathan 06/01/2012 0:09:04.4.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.1066 [GMT -5:00]
Running from: C:\Users\Nathan\Desktop\ComboFix.exe
Command switches used :: C:\Users\Nathan\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))


2012-06-01 05:25:39 . 2012-06-01 05:25:39 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-05-30 20:42:00 . 2012-06-01 05:25:50 -------- d-----w- C:\Users\Nathan\AppData\Local\temp
2012-05-29 21:04:47 . 2012-05-29 21:04:48 -------- d-----w- C:\Users\Nathan\AppData\Local\{B1CA2591-A9D1-11E1-8270-B8AC6F996F26}
2012-05-29 13:26:17 . 2012-05-08 16:40:12 6737808 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8B05DB24-6E90-41FC-BF09-A5F0040B3FFA}\mpengine.dll
2012-05-15 01:26:20 . 2012-05-15 01:26:20 -------- d-----w- C:\Program Files\Common Files\Skype
2012-05-12 13:48:32 . 2012-03-20 23:28:50 53120 ----a-w- C:\Windows\system32\drivers\partmgr.sys
2012-05-12 13:21:57 . 2012-03-30 12:39:11 905600 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-05-12 13:21:46 . 2012-02-01 15:10:43 1404928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-12 13:21:45 . 2012-02-01 15:10:46 936960 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 13:21:24 . 2012-03-01 14:46:01 219648 ----a-w- C:\Windows\system32\d3d10_1core.dll
2012-05-12 13:21:24 . 2012-02-29 13:41:40 1069056 ----a-w- C:\Windows\system32\DWrite.dll
2012-05-12 13:21:22 . 2012-02-29 14:08:47 1172480 ----a-w- C:\Windows\system32\d3d10warp.dll
2012-05-12 13:21:21 . 2012-03-01 14:46:01 160768 ----a-w- C:\Windows\system32\d3d10_1.dll
2012-05-12 13:21:21 . 2012-02-29 13:44:50 683008 ----a-w- C:\Windows\system32\d2d1.dll
2012-05-12 13:21:07 . 2012-04-03 08:16:11 3550080 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-05-12 13:21:04 . 2012-04-03 08:16:12 3602816 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2012-05-12 13:21:01 . 2012-04-02 13:36:21 2044928 ----a-w- C:\Windows\system32\win32k.sys
2012-05-08 18:27:51 . 2012-05-31 12:38:40 -------- d-----w- C:\Users\Nathan\AppData\Roaming\CyberDefender
2012-05-08 18:25:23 . 2012-05-08 18:25:23 -------- d-----w- C:\Program Files\Common Files\CyberDefender
2012-05-08 18:25:21 . 2012-05-31 12:38:41 -------- d-----w- C:\Program Files\CyberDefender
2012-05-08 18:21:08 . 2012-05-31 12:38:40 -------- d-----w- C:\ProgramData\CyberDefender
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-05 00:20:41 . 2012-04-04 20:07:35 419488 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-05-05 00:20:40 . 2011-05-18 16:33:47 70304 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 05:55:55 . 2011-08-29 16:57:08 472808 ----a-w- C:\Windows\system32\deployJava1.dll
2012-03-06 23:15:19 . 2012-01-27 05:29:54 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:15:14 . 2012-01-27 05:29:53 201352 ----a-w- C:\Windows\system32\aswBoot.exe
2012-03-06 23:03:51 . 2012-01-27 05:30:42 612184 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-03-06 23:03:38 . 2012-01-27 05:30:57 337880 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-03-06 23:02:00 . 2012-01-27 05:30:46 35672 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2012-03-06 23:01:53 . 2012-01-27 05:30:44 53848 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-03-06 23:01:48 . 2012-01-27 05:30:37 57688 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01:30 . 2012-01-27 05:31:00 20696 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2011-04-27 17:10:54 . 2010-11-03 00:21:12 538624 ----a-w- C:\Program Files\disktective.exe
2011-03-28 02:54:14 . 2011-03-28 02:45:22 56485696 ----a-w- C:\Program Files\Avery Wizard 4.0.0.exe
2010-12-31 06:35:51 . 2010-12-31 06:35:08 1428558 ----a-w- C:\Program Files\ZScreen-3.27.3.1-setup.exe
2010-12-31 04:57:03 . 2010-12-31 04:57:01 329877 ----a-w- C:\Program Files\CamStudioCodec14.exe
2010-12-31 04:56:43 . 2010-12-31 04:56:28 329877 ----a-w- C:\Program Files\CamStudioCodec14.exe.part
2010-12-31 04:54:35 . 2010-12-31 04:53:24 1364995 ----a-w- C:\Program Files\CamStudio20.exe
2010-12-31 04:47:57 . 2010-12-31 04:44:40 3973019 ----a-w- C:\Program Files\fscsetup.exe
2008-06-21 19:56:12 . 2011-09-01 04:27:53 319488 ----a-w- C:\Program Files\exPressit S.E. 2.2.exe
2012-04-26 12:40:35 . 2011-04-21 14:19:19 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15:06 123536 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 21:22:26 417792]
"Akamai NetSession Interface"="C:\Users\Nathan\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 05:31:08 3331872]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-11 15:43:50 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-29 04:14:04 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-29 04:17:02 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-29 04:13:50 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 17:57:52 3784704]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 09:41:28 188416]
"NDSTray.exe"="NDSTray.exe" [BU]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 15:06:22 413696]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-18 23:06:22 421888]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 06:16:44 411768]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 23:49:20 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2006-12-12 00:45:16 448632]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-15 22:59:04 530552]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-24 01:23:38 1862144]
"CarboniteSetupLite"="C:\Program Files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 08:49:00 318096]
"MaxMenuMgr"="C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 05:31:32 185640]
"WD Anywhere Backup"="C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 19:20:12 197856]
"PAC207_Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2007-12-11 01:55:26 323584]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"Memeo Instant Backup"="C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 00:33:08 136416]
"Memeo AutoSync"="C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 21:43:12 144608]
"Memeo Send"="C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 18:18:14 236816]
"Seagate Dashboard"="C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 16:42:28 79112]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-04 01:00:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 01:50:00 1603152]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 02:28:32 59240]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-10-24 20:28:52 421888]
"TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe" [2011-12-02 05:40:32 296056]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-03-06 23:15:17 4241512]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 19:02:04 254696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-03-27 10:09:24 421736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg&inst=NzctNzU2MjE2NDM4LVFJWDErMy1GTDEwKzEtRERUKzAtREQxMEYrMS1TVDEwRkFQUCsxLUwxME0rMS1GMTBNMTJBTisyMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMS1FVUxBKzEtU1QxMkZBUFArMS1TVEYxME0xMkFVRisxLVNUMTJPSSsx&prod=92&ver=2012.0.1834&mid=52ebd8913c7d47d68c77d1e9931b1676-79e73704745bd3e2dcb3c08a0647211abcff1094" [?]

C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 00:21:00 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2012-06-01 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:07:35 . 2012-05-05 00:21:00]

2012-06-01 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-11 16:14:36 . 2010-12-11 16:14:16]

2012-06-01 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-11 16:14:36 . 2010-12-11 16:14:16]


------- Supplementary Scan -------

uStart Page = hxxp://mystart.incredibar.com/mb133?a=6R8pDoBQaW&i=26
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\5pr7o2r9.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://www.email.ws/

- - - - ORPHANS REMOVED - - - -

AddRemove-_{00580795-581C-4587-B9F2-37320D7AB37F} - G:\Corel PaintShop Pro X4\Setup\{00580795-581C-4587-B9F2-37320D7AB37F}\SetupARP.exe
AddRemove-{4C0532C1-837C-4D06-9DF6-B064AD3E5214}_is1 - G:\Online Money-making Software\Amazon Dominator\unins000.exe
AddRemove-{DC92ACF4-2A4F-44C9-8C32-D33E1A79723E}_is1 - G:\Online Money-making Software\Mass Review Cash\unins000.exe


Computer is working ok. Only thing I've noticed is that sometimes the browser will be unresponsive for a bit. For instance, I connect to the internet, open the browser and try to type something into the address bar, but it seems frozen for a short time and then acts normally again.
