Browser redirected to random site and pop ads.


  • This topic is locked
43 replies to this topic

#1 Johannrandall

Johannrandall

  • Members
  • 33 posts
  • OFFLINE
  • Local time:08:27 PM

Posted 31 July 2012 - 11:36 AM

Hello and good day! I have a problem with my laptop (Toshiba NB200, Win XP Home SP2) that is similar to this guy's, except for the FB crashes: it redirects browsers to random sites when clicking links, there are now pop-ups when there weren't any previously, and there are suspicious toolbars (Spigot?) now. I've followed what was instructed in that guy's thread up until aswMBR (I have saved the log files in case they are needed), then decided to start my own thread regarding my concerns because I might be given different directions.

So far, I have run aswMBR, MBAM, FSS, SecurityCheck, and MiniToolbar by Farbar, and they didn't detect anything when they were run. I'm running AVG 2012 (trial) and it didn't detect anything malicious; it also had McAfee and Norton trial versions (expired). It got infected with Ultra AV once, but MBAM took care of it. Just now, Google Chrome has a suspicious toolbar on it. When I checked CCleaner I saw Spigot, Inc. running on the machine, which turned out to be malware when I Googled it. The DDS log is posted below.

That's about it. I hope you guys can help me. Let me know my next step. Thanks!



DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Johann at 4:12:02 on 2012-07-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.348 [GMT 8:00]
.
AV: Best Antivirus Software *Enabled/Updated* {5F56E2A0-E2AC-41F5-B636-D920C7852C54}
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Best Antivirus Software *Enabled*
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\thpsrv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\WTMKM.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Documents and Settings\Johann\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Johann\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
mURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.10\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.10\AVG Secure Search_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Gqysyy] c:\documents and settings\johann\application data\Gqysyy.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [Google Update] "c:\documents and settings\johann\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [TDispVol] TDispVol.exe
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TAccessibility] c:\program files\toshiba\accessibility\TAccessibility.exe Instant
mRun: [<NO NAME>]
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Yahoo Messenger]
mRun: [MacrokeyManager] WTMKM.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\johann\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\johann\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{AFFB323C-503B-4160-ACB0-F385E9018604} : DhcpNameServer = 192.168.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
IFEO: image file execution options - svchost.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\johann\application data\mozilla\firefox\profiles\p2ihal3c.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8a5d2231-f21a-4069-8a9a-f96e241bf1ae%7D&mid=da486c2f918b59d1fd6c2450eb951719-9f96c24661b3656a0d732ffc0429b794efd34e9c&ds=AVG&v=11.0.0.10&lang=en&pr=pr&d=2012-07-26%2001%3A25%3A39&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\johann\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\johann\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 6080f81a000000000000002258f9b78b
FF - user.js: extensions.BabylonToolbar_i.hardId - 6080f81a000000000000002258f9b78b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15410
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:19:29
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101308
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-8-21 28536]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 6528]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-11-2 68896]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-27 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-20 134016]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-7-26 934496]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 cecnuvc;Chicony USB 2.0 Camera VD;c:\windows\system32\drivers\cec_uvc.sys [2009-12-23 48176]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2011-9-19 127496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-23 116648]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-7-12 8192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-26 1684736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-23 116648]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-3-18 102656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-10 22344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-30 129976]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-11-8 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-11-8 8320]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-3-26 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-10 655944]
.
=============== Created Last 30 ================
.
2012-07-30 16:41:42 -------- d-----w- c:\documents and settings\johann\application data\.anki
2012-07-30 16:37:37 -------- d-----w- c:\program files\Anki
2012-07-30 16:36:42 -------- d-----w- c:\program files\Dropbox
2012-07-30 16:34:54 -------- d-----w- c:\documents and settings\johann\application data\Dropbox
2012-07-29 19:38:56 -------- dc----w- C:\NKRemote
2012-07-26 18:20:08 -------- d-----w- c:\program files\BreezeSys
2012-07-26 10:38:56 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-07-25 17:26:41 -------- d-----w- c:\documents and settings\johann\application data\AVG2012
2012-07-25 17:25:46 -------- d-----w- c:\documents and settings\johann\local settings\application data\AVG Secure Search
2012-07-25 17:25:40 -------- d-----w- c:\documents and settings\johann\application data\AVG Secure Search
2012-07-25 17:25:39 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-07-25 17:25:36 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-07-25 17:25:34 -------- d-----w- c:\program files\AVG Secure Search
2012-07-25 17:22:44 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-25 17:22:44 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-07-23 07:44:25 -------- d-----w- c:\program files\GUM1B4.tmp
2012-07-22 17:56:15 -------- d-----w- c:\documents and settings\johann\application data\Minibar
2012-07-22 17:33:18 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2012-07-03 05:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 07:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 07:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 07:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 07:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 07:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 07:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 07:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 07:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-05-15 07:19:36 7593048 ----a-w- c:\program files\CopyTransManager.exe
2009-08-07 18:26:38 81042799 ----a-w- c:\program files\Adobe Photoshop CS4 vXpc FINAL.exe
.
============= FINISH: 4:14:22.07 ===============
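The DDS report above is the raw material the helpers work from. For a redirect/pop-up complaint the lines that matter are the autorun entries launched from user-writable folders (the randomly named Gqysyy.exe under Application Data), the URL search hook pointing at SearchSettings.dll, the Conduit start page, the orphaned toolbar CLSIDs marked "No File", the DisallowRun Explorer policy, and the IFEO entry for svchost.exe. The Python script below is an added example for this thread, not part of DDS or of anything the poster ran; it triages the "Pseudo HJT Report" section for exactly those indicator classes. The sample input is a constructed subset of the report above, and the category names and heuristics are my own: a hit marks a line for review, not a verdict.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not part of DDS. The heuristics and
category names are my own and mark review candidates, not verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the DDS report in this thread.
SAMPLE_DDS = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Gqysyy] c:\documents and settings\johann\application data\Gqysyy.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
IFEO: image file execution options - svchost.exe
"""


@dataclass(frozen=True)
class Finding:
    category: str  # indicator class (names are my own)
    detail: str    # the value worth a second look
    line: str      # original report line


AUTORUN_KEYS = {"uRun", "mRun", "dRun"}
# Folders a standard user can write to. Legitimate software (Dropbox, Google
# Update) also starts from here, so a hit means "look", not "malicious".
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
EXE_RE = re.compile(r"^.*?\.(?:exe|dll|com|scr|bat|cmd)\b", re.IGNORECASE)
HOMEPAGE_RE = re.compile(
    r"^[umd]?(?:Start Page|Default_Page_URL|Default_Search_URL|Search Page)\s*=\s*(\S+)")
IFEO_RE = re.compile(r"^IFEO:.*-\s*(\S+)$")
POLICY_RE = re.compile(r"^[umd]Policies-\w+:\s*(\w+)\s*=\s*1\b")


def autorun_path(rest: str) -> str:
    """Extract the executable path from '[Name] "c:\\x.exe" /args' or '[Name] c:\\x y.exe args'."""
    rest = rest.strip()
    if rest.startswith("[") and "]" in rest:
        rest = rest[rest.index("]") + 1:].strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    # Unquoted paths may contain spaces: cut after the first executable extension.
    m = EXE_RE.match(rest)
    return m.group(0) if m else rest.split(" ")[0]


def triage(report: str) -> list:
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, rest = line.partition(":")
        if line.lower().endswith("- no file"):
            # CLSID that no longer resolves to a DLL: leftover of a removed toolbar/BHO.
            findings.append(Finding("orphaned-entry", key, line))
        elif key.endswith("URLSearchHooks"):
            # Search hooks see every address-bar query; a common home for PUP DLLs.
            findings.append(Finding("url-search-hook", rest.strip(), line))
        elif key in AUTORUN_KEYS:
            path = autorun_path(rest)
            if any(tok in path.lower() for tok in USER_WRITABLE):
                findings.append(Finding("autorun-user-writable", path, line))
        elif (m := HOMEPAGE_RE.match(line)):
            findings.append(Finding("browser-homepage-override", m.group(1), line))
        elif (m := IFEO_RE.match(line)):
            # An IFEO "Debugger" value starts whatever is registered in place of the named binary.
            findings.append(Finding("ifeo-entry", m.group(1), line))
        elif (m := POLICY_RE.match(line)):
            # Explorer policies such as DisallowRun are set by malware to block removal tools.
            findings.append(Finding("explorer-policy-restriction", m.group(1), line))
    return findings


def summarize(findings) -> dict:
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.category:28} {f.detail}")
    print(summarize(triage(SAMPLE_DDS)))
```

Run against the full report the same way; everything under Program Files stays quiet, while the random-name autorun under Application Data, the search hook, the orphaned toolbar CLSIDs and the svchost.exe IFEO entry come out as the short list a helper would look at first.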

#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:27 PM

Posted 01 August 2012 - 02:29 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
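Step 1 asks for TDSSKiller's log, and the next reply in the thread shows what that log looks like: one line per service or driver with the file's MD5 and path, a status line ("- ok", or "( threat ) - infected" followed by "- detected threat"), and, for a patched system file, a "Suspicious file (Forged)" line that carries both the hash computed from disk and the hash the rootkit presents to the system. The Python parser below is an added example, not the thread's code and not Kaspersky's; it reduces such a log to one record per entry so a reviewer can list only the infected and forged items. The line layout it assumes is the one in the log posted later in this thread, and the sample input is a constructed excerpt of that log.

```python
"""Parser for TDSSKiller scan logs (added example; not Kaspersky's code).

Reduces the per-line log to one record per service/driver so that only the
entries TDSSKiller marked infected or forged need a human look.
"""
import re
from dataclasses import dataclass

# Constructed excerpt of the TDSSKiller log posted later in this thread.
SAMPLE_LOG = r"""
01:01:23.0062 2660 Scan started
01:01:23.0062 2660 Mode: Manual;
01:01:24.0875 2660 Abiosdsk - ok
01:01:24.0921 2660 ACPI (ea38c961260f29295c6d03070fa9d0b5) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:01:24.0921 2660 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: ea38c961260f29295c6d03070fa9d0b5, Fake md5: 8fd99680a539792a30e97944fdaecf17
01:01:24.0921 2660 ACPI ( Virus.Win32.Rloader.a ) - infected
01:01:24.0921 2660 ACPI - detected Virus.Win32.Rloader.a (0)
01:01:24.0953 2660 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
01:01:25.0000 2660 ACPIEC - ok
01:01:26.0312 2660 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:01:26.0312 2660 Apple Mobile Device - ok
"""

# Every log line is "HH:MM:SS.mmmm <thread id> <message>"; only the message is parsed.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
ENTRY_RE = re.compile(r"^(.+?)\s+\(([0-9a-f]{32})\)\s+(.+)$")      # name (md5) path
OK_RE = re.compile(r"^(.+?) - ok$")
INFECTED_RE = re.compile(r"^(.+?) \( (.+?) \) - infected$")
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")


@dataclass
class Entry:
    name: str
    path: str = ""
    md5: str = ""        # hash TDSSKiller computed by reading the file on disk
    status: str = "unknown"
    threat: str = ""
    fake_md5: str = ""   # hash presented to the system when the file is forged


def parse_tdsskiller(log: str) -> dict:
    entries = {}
    by_path = {}   # forged-file lines name the path, not the service, so map both

    def entry(name):
        return entries.setdefault(name, Entry(name))

    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if (e := ENTRY_RE.match(msg)):
            name, md5, path = e.groups()
            ent = entry(name)
            ent.md5, ent.path = md5, path
            by_path[path.lower()] = ent
        elif (e := FORGED_RE.match(msg)):
            path, real_md5, fake_md5 = e.groups()
            ent = by_path.get(path.lower())
            if ent is not None:
                ent.md5, ent.fake_md5 = real_md5, fake_md5
        elif (e := OK_RE.match(msg)):
            entry(e.group(1)).status = "ok"
        elif (e := INFECTED_RE.match(msg)):
            name, threat = e.groups()
            ent = entry(name)
            ent.status, ent.threat = "infected", threat
        elif (e := DETECTED_RE.match(msg)):
            name, threat = e.groups()
            ent = entry(name)
            ent.status = "infected"
            ent.threat = ent.threat or threat
    return entries


def infected(entries: dict) -> list:
    return [e for e in entries.values() if e.status == "infected"]


def forged(entries: dict) -> list:
    """Entries whose on-disk hash differs from the hash the system is shown."""
    return [e for e in entries.values() if e.fake_md5]


if __name__ == "__main__":
    ents = parse_tdsskiller(SAMPLE_LOG)
    for e in infected(ents):
        print(f"{e.name}: {e.threat} at {e.path} (real {e.md5}, shown {e.fake_md5 or '-'})")
```

The forged-file line is the one worth understanding: the hash in the ACPI entry line is what TDSSKiller read from disk, while the "Fake md5" is what the rest of the system sees, which is why the infected ACPI.sys does not show up in a DDS report or an ordinary file scan. Entries with no path (Abiosdsk) are services whose binary is not present on the machine; TDSSKiller still reports them as "ok".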

#3 Johannrandall

Johannrandall
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:08:27 PM

Posted 02 August 2012 - 02:40 PM

Hello D-FRED-BROWN! Thank you for your reply. I did what you told me to do but I stalled on step 2. CF was about to finish when I got a BSOD (if you are not seeing the image, it says DRIVER_IRQL_NOT_LESS_OR_EQUAL), and when I checked if CF made a log, I didn't find any. What's the next step now? Do I start over with CF again, proceed with the third step, or do you have a different instruction?


Regarding TDSSKiller, it did detect a single rootkit, and the log is posted below. Regarding the way the machine runs, so far it doesn't redirect links at the moment and the suspicious toolbar is not visible right now, but there are still pop-up ads showing up in the lower right corner of the browser.





00:59:15.0468 5528 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
00:59:17.0468 5528 ============================================================
00:59:17.0468 5528 Current date / time: 2012/08/03 00:59:17.0468
00:59:17.0468 5528 SystemInfo:
00:59:17.0468 5528
00:59:17.0468 5528 OS Version: 5.1.2600 ServicePack: 3.0
00:59:17.0468 5528 Product type: Workstation
00:59:17.0468 5528 ComputerName: ABRINA
00:59:17.0484 5528 UserName: Johann
00:59:17.0484 5528 Windows directory: C:\WINDOWS
00:59:17.0484 5528 System windows directory: C:\WINDOWS
00:59:17.0484 5528 Processor architecture: Intel x86
00:59:17.0484 5528 Number of processors: 2
00:59:17.0484 5528 Page size: 0x1000
00:59:17.0484 5528 Boot type: Normal boot
00:59:17.0484 5528 ============================================================
00:59:36.0406 5528 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:59:36.0578 5528 ============================================================
00:59:36.0578 5528 \Device\Harddisk0\DR0:
00:59:36.0625 5528 MBR partitions:
00:59:36.0625 5528 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11F63187
00:59:36.0625 5528 ============================================================
00:59:36.0828 5528 C: <-> \Device\Harddisk0\DR0\Partition0
00:59:37.0578 5528 ============================================================
00:59:37.0578 5528 Initialize success
00:59:37.0578 5528 ============================================================
01:01:23.0062 2660 ============================================================
01:01:23.0062 2660 Scan started
01:01:23.0062 2660 Mode: Manual;
01:01:23.0062 2660 ============================================================
01:01:24.0875 2660 Abiosdsk - ok
01:01:24.0890 2660 abp480n5 - ok
01:01:24.0921 2660 ACPI (ea38c961260f29295c6d03070fa9d0b5) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:01:24.0921 2660 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: ea38c961260f29295c6d03070fa9d0b5, Fake md5: 8fd99680a539792a30e97944fdaecf17
01:01:24.0921 2660 ACPI ( Virus.Win32.Rloader.a ) - infected
01:01:24.0921 2660 ACPI - detected Virus.Win32.Rloader.a (0)
01:01:24.0953 2660 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
01:01:25.0000 2660 ACPIEC - ok
01:01:25.0093 2660 ACS (75265152c2a2d1cbd2df180d63081d01) C:\WINDOWS\system32\acs.exe
01:01:25.0109 2660 ACS - ok
01:01:25.0109 2660 adpu160m - ok
01:01:25.0171 2660 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:01:25.0218 2660 aec - ok
01:01:25.0375 2660 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
01:01:25.0406 2660 AFD - ok
01:01:25.0421 2660 Aha154x - ok
01:01:25.0421 2660 aic78u2 - ok
01:01:25.0437 2660 aic78xx - ok
01:01:25.0484 2660 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
01:01:25.0515 2660 Alerter - ok
01:01:25.0562 2660 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
01:01:25.0562 2660 ALG - ok
01:01:25.0578 2660 AliIde - ok
01:01:25.0875 2660 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
01:01:25.0937 2660 Ambfilt - ok
01:01:26.0062 2660 amsint - ok
01:01:26.0093 2660 ApfiltrService (95116e2bcfaf5a36af0369050e92b9a5) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
01:01:26.0171 2660 ApfiltrService - ok
01:01:26.0312 2660 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:01:26.0312 2660 Apple Mobile Device - ok
01:01:26.0531 2660 Application Updater (70a5f4951487a9c8d2ea47718ad64ee4) C:\Program Files\Application Updater\ApplicationUpdater.exe
01:01:26.0546 2660 Application Updater - ok
01:01:26.0546 2660 AppMgmt - ok
01:01:26.0734 2660 AR5416 (864160f5f4fbdd97b6a686854bfebd86) C:\WINDOWS\system32\DRIVERS\athw.sys
01:01:26.0781 2660 AR5416 - ok
01:01:26.0906 2660 asc - ok
01:01:26.0921 2660 asc3350p - ok
01:01:26.0937 2660 asc3550 - ok
01:01:27.0031 2660 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
01:01:28.0593 2660 Aspi32 - ok
01:01:28.0796 2660 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
01:01:28.0953 2660 aspnet_state - ok
01:01:29.0031 2660 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:01:29.0062 2660 AsyncMac - ok
01:01:29.0109 2660 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:01:29.0156 2660 atapi - ok
01:01:29.0156 2660 Atdisk - ok
01:01:29.0203 2660 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:01:29.0234 2660 Atmarpc - ok
01:01:29.0281 2660 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
01:01:29.0281 2660 AudioSrv - ok
01:01:29.0328 2660 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:01:29.0343 2660 audstub - ok
01:01:29.0421 2660 Avgfwdx (8be661c16fbf84a73bcec84b6b4a9db5) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
01:01:29.0484 2660 Avgfwdx - ok
01:01:29.0484 2660 Avgfwfd (8be661c16fbf84a73bcec84b6b4a9db5) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
01:01:29.0484 2660 Avgfwfd - ok
01:01:29.0968 2660 avgfws (bd5d11cedbcde4fa97d2387e7069b1ff) C:\Program Files\AVG\AVG2012\avgfws.exe
01:01:30.0031 2660 avgfws - ok
01:01:30.0640 2660 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\avgidsagent.exe
01:01:30.0859 2660 AVGIDSAgent - ok
01:01:31.0046 2660 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
01:01:31.0046 2660 AVGIDSDriver - ok
01:01:31.0078 2660 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
01:01:31.0093 2660 AVGIDSFilter - ok
01:01:31.0109 2660 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
01:01:31.0156 2660 AVGIDSHX - ok
01:01:31.0171 2660 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
01:01:31.0187 2660 AVGIDSShim - ok
01:01:31.0250 2660 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
01:01:31.0296 2660 Avgldx86 - ok
01:01:31.0328 2660 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
01:01:31.0328 2660 Avgmfx86 - ok
01:01:31.0343 2660 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
01:01:31.0390 2660 Avgrkx86 - ok
01:01:31.0453 2660 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
01:01:31.0500 2660 Avgtdix - ok
01:01:31.0671 2660 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
01:01:31.0671 2660 avgwd - ok
01:01:31.0781 2660 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
01:01:31.0781 2660 BcmSqlStartupSvc - ok
01:01:31.0843 2660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:01:31.0953 2660 Beep - ok
01:01:32.0046 2660 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
01:01:32.0140 2660 BITS - ok
01:01:32.0171 2660 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
01:01:32.0187 2660 Browser - ok
01:01:32.0203 2660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:01:32.0250 2660 cbidf2k - ok
01:01:32.0296 2660 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:01:32.0328 2660 CCDECODE - ok
01:01:32.0343 2660 cd20xrnt - ok
01:01:32.0390 2660 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:01:32.0421 2660 Cdaudio - ok
01:01:32.0453 2660 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:01:32.0484 2660 Cdfs - ok
01:01:32.0531 2660 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:01:32.0531 2660 Cdrom - ok
01:01:32.0593 2660 cecnuvc (6e8c7f6c077ae7593b52dd461f3edf9e) C:\WINDOWS\system32\Drivers\cec_uvc.sys
01:01:32.0625 2660 cecnuvc - ok
01:01:32.0671 2660 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
01:01:32.0671 2660 CFSvcs - ok
01:01:32.0687 2660 Changer - ok
01:01:32.0750 2660 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
01:01:32.0796 2660 CiSvc - ok
01:01:32.0843 2660 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
01:01:32.0875 2660 ClipSrv - ok
01:01:33.0015 2660 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:01:33.0109 2660 clr_optimization_v2.0.50727_32 - ok
01:01:33.0203 2660 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:01:33.0500 2660 clr_optimization_v4.0.30319_32 - ok
01:01:33.0562 2660 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
01:01:33.0578 2660 CmBatt - ok
01:01:33.0593 2660 CmdIde - ok
01:01:33.0640 2660 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
01:01:33.0671 2660 Compbatt - ok
01:01:33.0671 2660 COMSysApp - ok
01:01:33.0703 2660 Cpqarray - ok
01:01:33.0843 2660 cpuz135 - ok
01:01:33.0921 2660 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
01:01:33.0937 2660 CryptSvc - ok
01:01:33.0953 2660 dac2w2k - ok
01:01:33.0968 2660 dac960nt - ok
01:01:34.0140 2660 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
01:01:34.0156 2660 DcomLaunch - ok
01:01:34.0203 2660 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
01:01:34.0218 2660 Dhcp - ok
01:01:34.0234 2660 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:01:34.0265 2660 Disk - ok
01:01:34.0281 2660 dmadmin - ok
01:01:34.0375 2660 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:01:34.0421 2660 dmboot - ok
01:01:34.0468 2660 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:01:34.0468 2660 dmio - ok
01:01:34.0500 2660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:01:34.0531 2660 dmload - ok
01:01:34.0593 2660 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
01:01:34.0593 2660 dmserver - ok
01:01:34.0625 2660 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:01:34.0656 2660 DMusic - ok
01:01:34.0703 2660 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
01:01:34.0718 2660 Dnscache - ok
01:01:34.0765 2660 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
01:01:34.0812 2660 Dot3svc - ok
01:01:34.0812 2660 dpti2o - ok
01:01:34.0828 2660 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:01:34.0828 2660 drmkaud - ok
01:01:34.0859 2660 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
01:01:34.0890 2660 EapHost - ok
01:01:34.0906 2660 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
01:01:34.0906 2660 ERSvc - ok
01:01:34.0968 2660 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
01:01:34.0984 2660 Eventlog - ok
01:01:35.0031 2660 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
01:01:35.0031 2660 EventSystem - ok
01:01:35.0078 2660 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:01:35.0078 2660 Fastfat - ok
01:01:35.0187 2660 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:01:35.0203 2660 FastUserSwitchingCompatibility - ok
01:01:35.0234 2660 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
01:01:35.0250 2660 Fdc - ok
01:01:35.0281 2660 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:01:35.0312 2660 Fips - ok
01:01:35.0343 2660 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
01:01:35.0390 2660 Flpydisk - ok
01:01:35.0453 2660 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
01:01:35.0453 2660 FltMgr - ok
01:01:35.0562 2660 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
01:01:35.0578 2660 FontCache3.0.0.0 - ok
01:01:35.0640 2660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:01:35.0656 2660 Fs_Rec - ok
01:01:35.0703 2660 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:01:35.0750 2660 Ftdisk - ok
01:01:35.0921 2660 GameConsoleService (54fd6b2f163782914f1205d51fedd3ef) C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
01:01:35.0968 2660 GameConsoleService - ok
01:01:36.0015 2660 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:01:36.0046 2660 Gpc - ok
01:01:36.0171 2660 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
01:01:36.0171 2660 gupdate - ok
01:01:36.0187 2660 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
01:01:36.0187 2660 gupdatem - ok
01:01:36.0281 2660 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
01:01:36.0281 2660 HDAudBus - ok
01:01:36.0343 2660 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
01:01:36.0359 2660 helpsvc - ok
01:01:36.0375 2660 HidServ - ok
01:01:36.0437 2660 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:01:36.0484 2660 HidUsb - ok
01:01:36.0546 2660 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
01:01:36.0578 2660 hkmsvc - ok
01:01:36.0578 2660 hpn - ok
01:01:36.0640 2660 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
01:01:36.0734 2660 HPZid412 - ok
01:01:36.0765 2660 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
01:01:36.0781 2660 HPZipr12 - ok
01:01:36.0843 2660 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
01:01:36.0890 2660 HPZius12 - ok
01:01:36.0984 2660 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:01:37.0000 2660 HTTP - ok
01:01:37.0031 2660 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
01:01:37.0046 2660 HTTPFilter - ok
01:01:37.0109 2660 hwdatacard (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
01:01:38.0203 2660 hwdatacard - ok
01:01:38.0265 2660 hwusbfake (9be5caeabc6b2eb98b3a4839a55d47a0) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
01:01:38.0437 2660 hwusbfake - ok
01:01:38.0453 2660 i2omgmt - ok
01:01:38.0468 2660 i2omp - ok
01:01:38.0515 2660 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:01:38.0546 2660 i8042prt - ok
01:01:39.0062 2660 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
01:01:39.0234 2660 ialm - ok
01:01:39.0421 2660 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys
01:01:39.0437 2660 iaStor - ok
01:01:39.0734 2660 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:01:39.0765 2660 idsvc - ok
01:01:39.0828 2660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:01:39.0859 2660 Imapi - ok
01:01:39.0921 2660 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
01:01:39.0953 2660 ImapiService - ok
01:01:39.0968 2660 ini910u - ok
01:01:40.0578 2660 IntcAzAudAddService (2b1cddfe53715372b2677ace12fc9fe5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
01:01:40.0734 2660 IntcAzAudAddService - ok
01:01:40.0859 2660 IntelIde - ok
01:01:40.0890 2660 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:01:40.0906 2660 intelppm - ok
01:01:40.0921 2660 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
01:01:40.0968 2660 Ip6Fw - ok
01:01:41.0000 2660 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:01:41.0031 2660 IpFilterDriver - ok
01:01:41.0062 2660 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:01:41.0062 2660 IpInIp - ok
01:01:41.0109 2660 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:01:41.0109 2660 IpNat - ok
01:01:41.0140 2660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:01:41.0140 2660 IPSec - ok
01:01:41.0156 2660 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:01:41.0187 2660 IRENUM - ok
01:01:41.0218 2660 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:01:41.0250 2660 isapnp - ok
01:01:41.0359 2660 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
01:01:41.0359 2660 JavaQuickStarterService - ok
01:01:41.0406 2660 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:01:41.0453 2660 Kbdclass - ok
01:01:41.0500 2660 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:01:41.0531 2660 kbdhid - ok
01:01:41.0578 2660 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:01:41.0578 2660 kmixer - ok
01:01:41.0640 2660 KMService (4635935fc972c582632bf45c26bfcb0e) C:\WINDOWS\system32\srvany.exe
01:01:43.0046 2660 KMService - ok
01:01:43.0109 2660 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:01:43.0156 2660 KSecDD - ok
01:01:43.0218 2660 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
01:01:43.0234 2660 LanmanServer - ok
01:01:43.0296 2660 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
01:01:43.0312 2660 lanmanworkstation - ok
01:01:43.0312 2660 lbrtfdc - ok
01:01:43.0390 2660 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
01:01:43.0406 2660 LmHosts - ok
01:01:43.0453 2660 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
01:01:43.0531 2660 MBAMProtector - ok
01:01:43.0687 2660 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
01:01:43.0703 2660 MBAMService - ok
01:01:43.0796 2660 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
01:01:43.0812 2660 McComponentHostService - ok
01:01:43.0843 2660 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
01:01:43.0890 2660 Messenger - ok
01:01:43.0937 2660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:01:43.0968 2660 mnmdd - ok
01:01:44.0015 2660 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
01:01:44.0015 2660 mnmsrvc - ok
01:01:44.0046 2660 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:01:44.0046 2660 Modem - ok
01:01:44.0171 2660 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
01:01:44.0234 2660 Monfilt - ok
01:01:44.0390 2660 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:01:44.0406 2660 Mouclass - ok
01:01:44.0500 2660 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:01:44.0546 2660 mouhid - ok
01:01:44.0609 2660 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:01:44.0625 2660 MountMgr - ok
01:01:44.0718 2660 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
01:01:44.0812 2660 MozillaMaintenance - ok
01:01:44.0828 2660 mraid35x - ok
01:01:44.0890 2660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:01:44.0921 2660 MRxDAV - ok
01:01:45.0046 2660 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:01:45.0062 2660 MRxSmb - ok
01:01:45.0093 2660 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
01:01:45.0125 2660 MSDTC - ok
01:01:45.0171 2660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:01:45.0203 2660 Msfs - ok
01:01:45.0203 2660 MSIServer - ok
01:01:45.0234 2660 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:01:45.0265 2660 MSKSSRV - ok
01:01:45.0296 2660 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:01:45.0296 2660 MSPCLOCK - ok
01:01:45.0328 2660 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:01:45.0359 2660 MSPQM - ok
01:01:45.0390 2660 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:01:45.0406 2660 mssmbios - ok
01:01:45.0531 2660 MSSQL$MSSMLBIZ - ok
01:01:45.0625 2660 MSSQL$SQLEXPRESS - ok
01:01:45.0687 2660 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
01:01:45.0687 2660 MSSQLServerADHelper - ok
01:01:45.0750 2660 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
01:01:45.0781 2660 MSTEE - ok
01:01:45.0875 2660 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
01:01:45.0875 2660 Mup - ok
01:01:45.0921 2660 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:01:45.0968 2660 NABTSFEC - ok
01:01:46.0046 2660 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
01:01:46.0093 2660 napagent - ok
01:01:46.0156 2660 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:01:46.0187 2660 NDIS - ok
01:01:46.0234 2660 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:01:46.0250 2660 NdisIP - ok
01:01:46.0296 2660 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:01:46.0296 2660 NdisTapi - ok
01:01:46.0312 2660 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:01:46.0328 2660 Ndisuio - ok
01:01:46.0390 2660 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:01:46.0390 2660 NdisWan - ok
01:01:46.0453 2660 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:01:46.0453 2660 NDProxy - ok
01:01:46.0500 2660 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:01:46.0500 2660 NetBIOS - ok
01:01:46.0546 2660 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:01:46.0593 2660 NetBT - ok
01:01:46.0656 2660 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:01:46.0703 2660 NetDDE - ok
01:01:46.0703 2660 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:01:46.0718 2660 NetDDEdsdm - ok
01:01:46.0750 2660 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
01:01:47.0671 2660 Netdevio - ok
01:01:47.0703 2660 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:01:47.0718 2660 Netlogon - ok
01:01:47.0781 2660 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
01:01:47.0796 2660 Netman - ok
01:01:48.0000 2660 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:01:48.0031 2660 NetTcpPortSharing - ok
01:01:48.0125 2660 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
01:01:48.0140 2660 Nla - ok
01:01:48.0187 2660 nlsX86cc (fac20f9060ff9c74af0c8a002bb04ae7) C:\WINDOWS\system32\NLSSRV32.EXE
01:01:48.0234 2660 nlsX86cc - ok
01:01:48.0265 2660 NMSAccess - ok
01:01:48.0312 2660 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
01:01:48.0406 2660 nmwcd - ok
01:01:48.0468 2660 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
01:01:48.0515 2660 nmwcdc - ok
01:01:48.0578 2660 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
01:01:48.0671 2660 nmwcdnsu - ok
01:01:48.0718 2660 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
01:01:48.0734 2660 nmwcdnsuc - ok
01:01:48.0781 2660 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:01:48.0812 2660 Npfs - ok
01:01:48.0906 2660 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:01:48.0984 2660 Ntfs - ok
01:01:49.0015 2660 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:01:49.0015 2660 NtLmSsp - ok
01:01:49.0093 2660 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
01:01:49.0109 2660 NtmsSvc - ok
01:01:49.0125 2660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:01:49.0140 2660 Null - ok
01:01:49.0171 2660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:01:49.0203 2660 NwlnkFlt - ok
01:01:49.0250 2660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:01:49.0265 2660 NwlnkFwd - ok
01:01:49.0359 2660 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:01:49.0406 2660 ose - ok
01:01:49.0953 2660 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:01:50.0140 2660 osppsvc - ok
01:01:50.0281 2660 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
01:01:50.0296 2660 Parport - ok
01:01:50.0328 2660 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:01:50.0359 2660 PartMgr - ok
01:01:50.0390 2660 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:01:50.0406 2660 ParVdm - ok
01:01:50.0468 2660 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
01:01:50.0515 2660 pccsmcfd - ok
01:01:50.0562 2660 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:01:50.0562 2660 PCI - ok
01:01:50.0578 2660 PCIDump - ok
01:01:50.0609 2660 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:01:50.0609 2660 PCIIde - ok
01:01:50.0703 2660 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:01:50.0734 2660 Pcmcia - ok
01:01:50.0734 2660 PDCOMP - ok
01:01:50.0750 2660 PDFRAME - ok
01:01:50.0765 2660 PDRELI - ok
01:01:50.0781 2660 PDRFRAME - ok
01:01:50.0796 2660 perc2 - ok
01:01:50.0812 2660 perc2hib - ok
01:01:50.0906 2660 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
01:01:50.0906 2660 PlugPlay - ok
01:01:50.0953 2660 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
01:01:50.0968 2660 Pml Driver HPZ12 - ok
01:01:50.0984 2660 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:01:51.0000 2660 PolicyAgent - ok
01:01:51.0000 2660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:01:51.0046 2660 PptpMiniport - ok
01:01:51.0046 2660 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:01:51.0046 2660 ProtectedStorage - ok
01:01:51.0062 2660 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:01:51.0078 2660 PSched - ok
01:01:51.0125 2660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:01:51.0156 2660 Ptilink - ok
01:01:51.0156 2660 ql1080 - ok
01:01:51.0171 2660 Ql10wnt - ok
01:01:51.0171 2660 ql12160 - ok
01:01:51.0187 2660 ql1240 - ok
01:01:51.0203 2660 ql1280 - ok
01:01:51.0218 2660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:01:51.0250 2660 RasAcd - ok
01:01:51.0296 2660 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
01:01:51.0312 2660 RasAuto - ok
01:01:51.0312 2660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:01:51.0328 2660 Rasl2tp - ok
01:01:51.0359 2660 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
01:01:51.0359 2660 RasMan - ok
01:01:51.0390 2660 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:01:51.0406 2660 RasPppoe - ok
01:01:51.0437 2660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:01:51.0468 2660 Raspti - ok
01:01:51.0500 2660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:01:51.0500 2660 Rdbss - ok
01:01:51.0531 2660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:01:51.0546 2660 RDPCDD - ok
01:01:51.0625 2660 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
01:01:51.0656 2660 RDPWD - ok
01:01:51.0718 2660 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
01:01:51.0718 2660 RDSessMgr - ok
01:01:51.0796 2660 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:01:51.0796 2660 redbook - ok
01:01:51.0828 2660 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
01:01:51.0859 2660 RemoteAccess - ok
01:01:51.0890 2660 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
01:01:51.0921 2660 ROOTMODEM - ok
01:01:51.0968 2660 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
01:01:51.0984 2660 RpcLocator - ok
01:01:52.0062 2660 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
01:01:52.0078 2660 RpcSs - ok
01:01:52.0140 2660 RSUSBSTOR (2ab66b8ccd92d4d8e33c98fea874325b) C:\WINDOWS\system32\Drivers\RtsUStor.sys
01:01:52.0156 2660 RSUSBSTOR - ok
01:01:52.0187 2660 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
01:01:52.0203 2660 RSVP - ok
01:01:52.0250 2660 RTLE8023xp (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
01:01:52.0296 2660 RTLE8023xp - ok
01:01:52.0312 2660 RtsUIR - ok
01:01:52.0343 2660 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:01:52.0343 2660 SamSs - ok
01:01:52.0390 2660 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
01:01:52.0406 2660 SCardSvr - ok
01:01:52.0453 2660 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\WINDOWS\system32\drivers\SCDEmu.sys
01:01:53.0437 2660 SCDEmu - ok
01:01:53.0500 2660 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
01:01:53.0515 2660 Schedule - ok
01:01:53.0562 2660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:01:53.0593 2660 Secdrv - ok
01:01:53.0640 2660 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
01:01:53.0640 2660 seclogon - ok
01:01:53.0671 2660 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
01:01:53.0687 2660 SENS - ok
01:01:53.0718 2660 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
01:01:53.0750 2660 Serial - ok
01:01:53.0937 2660 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
01:01:56.0218 2660 ServiceLayer - ok
01:01:56.0328 2660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:01:56.0343 2660 Sfloppy - ok
01:01:56.0421 2660 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
01:01:56.0437 2660 SharedAccess - ok
01:01:56.0531 2660 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:01:56.0531 2660 ShellHWDetection - ok
01:01:56.0546 2660 Simbad - ok
01:01:56.0609 2660 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:01:56.0625 2660 SLIP - ok
01:01:56.0656 2660 Sparrow - ok
01:01:56.0687 2660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:01:56.0687 2660 splitter - ok
01:01:56.0750 2660 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
01:01:56.0750 2660 Spooler - ok
01:01:56.0937 2660 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
01:01:56.0937 2660 SQLBrowser - ok
01:01:57.0000 2660 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
01:01:57.0000 2660 SQLWriter - ok
01:01:57.0031 2660 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
01:01:57.0078 2660 sr - ok
01:01:57.0140 2660 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
01:01:57.0171 2660 srservice - ok
01:01:57.0265 2660 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
01:01:57.0312 2660 Srv - ok
01:01:57.0343 2660 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
01:01:57.0343 2660 SSDPSRV - ok
01:01:57.0437 2660 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
01:01:57.0453 2660 stisvc - ok
01:01:57.0515 2660 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:01:57.0546 2660 streamip - ok
01:01:57.0578 2660 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:01:57.0578 2660 swenum - ok
01:01:57.0625 2660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:01:57.0640 2660 swmidi - ok
01:01:57.0656 2660 SwPrv - ok
01:01:57.0671 2660 symc810 - ok
01:01:57.0687 2660 symc8xx - ok
01:01:57.0703 2660 sym_hi - ok
01:01:57.0718 2660 sym_u3 - ok
01:01:57.0750 2660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:01:57.0765 2660 sysaudio - ok
01:01:57.0796 2660 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
01:01:57.0828 2660 SysmonLog - ok
01:01:57.0890 2660 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
01:01:57.0906 2660 TapiSrv - ok
01:01:57.0968 2660 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:01:57.0984 2660 Tcpip - ok
01:01:58.0000 2660 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
01:01:58.0031 2660 tdcmdpst - ok
01:01:58.0078 2660 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:01:58.0109 2660 TDPIPE - ok
01:01:58.0140 2660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:01:58.0187 2660 TDTCP - ok
01:01:58.0234 2660 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
01:01:58.0296 2660 tdudf - ok
01:01:58.0343 2660 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:01:58.0343 2660 TermDD - ok
01:01:58.0437 2660 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
01:01:58.0453 2660 TermService - ok
01:01:58.0531 2660 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:01:58.0546 2660 Themes - ok
01:01:58.0578 2660 Thpdrv (b3556bc3e38cc3c4ab2dc09bc7f51ccb) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
01:01:58.0593 2660 Thpdrv - ok
[size="2"][color="#1c2837"]01:01:58.0640 2660 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS[/color][/size]
[size="2"][color="#1c2837"]01:01:58.0703 2660 Thpevm - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:58.0781 2660 Thpsrv (a2b6029763f7c7d340aea8a0b1d44306) C:\WINDOWS\system32\ThpSrv.exe[/color][/size]
[size="2"][color="#1c2837"]01:01:58.0812 2660 Thpsrv - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:58.0843 2660 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\WINDOWS\system32\TODDSrv.exe[/color][/size]
[size="2"][color="#1c2837"]01:01:58.0859 2660 TODDSrv - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:58.0984 2660 TOSHIBA Bluetooth Service (f1ff6b201a6385e54c492f8e92efd62b) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[/color][/size]
[size="2"][color="#1c2837"]01:01:58.0984 2660 TOSHIBA Bluetooth Service - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0000 2660 TosIde - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0062 2660 tosporte (2c15b4856f929ac7dd144044d8334b54) C:\WINDOWS\system32\DRIVERS\tosporte.sys[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0125 2660 tosporte - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0171 2660 tosrfbd (6750328ab04ae5faf01403a575d66978) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0234 2660 tosrfbd - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0281 2660 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0312 2660 tosrfbnp - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0390 2660 Tosrfcom (f6158c41bf2ba736deb779b625597016) C:\WINDOWS\system32\Drivers\tosrfcom.sys[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0421 2660 Tosrfcom - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0468 2660 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0484 2660 tosrfec - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0515 2660 Tosrfhid (97c2dc66dfec6706267ecf64f5899ad4) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0578 2660 Tosrfhid - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0625 2660 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0625 2660 tosrfnds - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0671 2660 TosRfSnd (bac179b6fce8531d693163cc1fb630c8) C:\WINDOWS\system32\drivers\tosrfsnd.sys[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0671 2660 TosRfSnd - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0734 2660 Tosrfusb (905db72f85213c28890d6bc5033c56d4) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0765 2660 Tosrfusb - ok[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0812 2660 TotRec7 (e9c2642ec635b01f19f343df5eb488d3) C:\WINDOWS\system32\drivers\TotRec7.sys[/color][/size]
[size="2"][color="#1c2837"]01:01:59.0953 2660 TotRec7 - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:00.0031 2660 TPwSav (4026b9c7b042ea99946ce6bbea73ed1b) C:\WINDOWS\system32\drivers\TPwSav.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0062 2660 TPwSav - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0140 2660 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0140 2660 TrkWks - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0203 2660 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0234 2660 trudf - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0281 2660 TVALZ (fc5d508107166a84b2147e5b009206b5) C:\WINDOWS\system32\DRIVERS\TVALZ_O.SYS[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0281 2660 TVALZ - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0312 2660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0312 2660 Udfs - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0328 2660 ultra - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0375 2660 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0390 2660 Update - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0437 2660 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0484 2660 upnphost - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0531 2660 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0546 2660 upperdev - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0593 2660 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0625 2660 UPS - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0703 2660 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0843 2660 USBAAPL - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0906 2660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0921 2660 usbccgp - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0937 2660 USBCCID - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0984 2660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:01.0984 2660 usbehci - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0015 2660 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0046 2660 usbhub - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0109 2660 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0109 2660 usbprint - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0156 2660 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0156 2660 usbscan - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0218 2660 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0218 2660 usbser - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0265 2660 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0265 2660 UsbserFilt - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0312 2660 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0343 2660 USBSTOR - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0375 2660 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0375 2660 usbuhci - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0453 2660 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0500 2660 usbvideo - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0562 2660 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0562 2660 UVCFTR - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0593 2660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0593 2660 VgaSave - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0609 2660 ViaIde - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0656 2660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0656 2660 VolSnap - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0718 2660 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0750 2660 VSS - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:02.0984 2660 vToolbarUpdater11.0.2 (3b142c409909fb05215a3dc5c8ec0eb0) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0015 2660 vToolbarUpdater11.0.2 - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0140 2660 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0156 2660 W32Time - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0234 2660 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0250 2660 Wanarp - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0312 2660 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0343 2660 Wdf01000 - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0343 2660 WDICA - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0406 2660 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0437 2660 wdmaud - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0484 2660 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0484 2660 WebClient - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0562 2660 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0578 2660 winmgmt - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0656 2660 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0703 2660 WmdmPmSN - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0750 2660 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe[/color][/size]
[size="2"][color="#1c2837"]01:02:03.0781 2660 WmiApSrv - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:04.0031 2660 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe[/color][/size]
[size="2"][color="#1c2837"]01:02:04.0109 2660 WMPNetworkSvc - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:04.0218 2660 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:04.0218 2660 WpdUsb - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:04.0484 2660 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[/color][/size]
[size="2"][color="#1c2837"]01:02:04.0515 2660 WPFFontCache_v0400 - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:04.0578 2660 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll[/color][/size]
[size="2"][color="#1c2837"]01:02:04.0578 2660 wscsvc - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:04.0593 2660 WSearch - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:04.0656 2660 WSIMD (7a36f3083e28405d6c5ecdb942513c3b) C:\WINDOWS\system32\DRIVERS\wsimd.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0296 2660 WSIMD - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0359 2660 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0359 2660 WSTCODEC - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0375 2660 WTService - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0453 2660 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0453 2660 wuauserv - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0515 2660 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0562 2660 WudfPf - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0625 2660 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0671 2660 WudfRd - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0718 2660 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0718 2660 WudfSvc - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0781 2660 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0796 2660 WZCSVC - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0843 2660 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll[/color][/size]
[size="2"][color="#1c2837"]01:02:05.0859 2660 xmlprov - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:06.0031 2660 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[/color][/size]
[size="2"][color="#1c2837"]01:02:06.0093 2660 YahooAUService - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:06.0140 2660 ZTEusbmdm6k - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:06.0156 2660 ZTEusbnmea - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:06.0171 2660 ZTEusbser6k - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:06.0218 2660 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0[/color][/size]
[size="2"][color="#1c2837"]01:02:06.0984 2660 \Device\Harddisk0\DR0 - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:06.0984 2660 Boot (0x1200) (d0609c85a91506b24172073678413923) \Device\Harddisk0\DR0\Partition0[/color][/size]
[size="2"][color="#1c2837"]01:02:07.0000 2660 \Device\Harddisk0\DR0\Partition0 - ok[/color][/size]
[size="2"][color="#1c2837"]01:02:07.0000 2660 ============================================================[/color][/size]
[size="2"][color="#1c2837"]01:02:07.0000 2660 Scan finished[/color][/size]
[size="2"][color="#1c2837"]01:02:07.0000 2660 ============================================================[/color][/size]
[size="2"][color="#1c2837"]01:02:07.0015 4856 Detected object count: 1[/color][/size]
[size="2"][color="#1c2837"]01:02:07.0015 4856 Actual detected object count: 1[/color][/size]
[size="2"][color="#1c2837"]01:03:49.0906 4856 ACPI ( Virus.Win32.Rloader.a ) - skipped by user[/color][/size]
[size="2"][color="#1c2837"]01:03:49.0906 4856 ACPI ( Virus.Win32.Rloader.a ) - User select action: Skip [/color][/size]
[size="2"][color="#1c2837"]01:04:14.0671 4956 Deinitialize success[/color][/size][color=#1C2837][size=2]
[/size][/color]

#4 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:27 PM

Posted 02 August 2012 - 02:43 PM

Go ahead and run TDSSKiller once again, but this time, select Cure instead of Skip. If it asks you to reboot, please do so.

Try running ComboFix again after that. Let me know how things go.
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
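The point the helper makes above is that the TDSSKiller log shows one detection (the ACPI driver flagged as Virus.Win32.Rloader.a) whose final user action was Skip, so the infection was reported but never cured. As an added example, not part of this thread or of TDSSKiller itself, the following Python parses log lines in the format posted above and reports any detected object that was skipped rather than cured, plus a consistency check between the "Actual detected object count" line and the detections actually parsed. The sample lines are constructed from the format of the log in this thread; the "User select action: Cure" value used in the second sample is an assumption about how the tool words a cure action.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log layout seen in this thread:
# <time> <thread id> <object> [(<hash>) <path>] | <object> ( <threat> ) - <status>
SAMPLE_LOG_SKIPPED = """\
01:02:06.0218 2660 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \\Device\\Harddisk0\\DR0
01:02:06.0984 2660 \\Device\\Harddisk0\\DR0 - ok
01:02:07.0000 2660 Scan finished
01:02:07.0015 4856 Detected object count: 1
01:02:07.0015 4856 Actual detected object count: 1
01:03:49.0906 4856 ACPI ( Virus.Win32.Rloader.a ) - skipped by user
01:03:49.0906 4856 ACPI ( Virus.Win32.Rloader.a ) - User select action: Skip
01:04:14.0671 4956 Deinitialize success
"""

# Constructed variant of the same scan where the user chose Cure instead
# ("Cure" as the logged action value is an assumption about the tool's wording).
SAMPLE_LOG_CURED = SAMPLE_LOG_SKIPPED.replace(
    "User select action: Skip", "User select action: Cure"
)

# One log line: timestamp, thread id, then the free-form body.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# A detection body: "<object> ( <threat name> ) - <status text>".
# Plain inventory lines such as "MBR (0x1B8) (<hash>) <path>" do not match
# because nothing after their first ")" is " - ".
DETECT_RE = re.compile(r"^(?P<obj>\S+)\s+\(\s*(?P<name>[^)]+?)\s*\)\s+-\s+(?P<status>.+)$")
ACTION_RE = re.compile(r"User select action:\s*(?P<action>\w+)")
COUNT_RE = re.compile(r"Actual detected object count:\s*(?P<n>\d+)")


def parse_detections(log_text: str) -> Dict[str, Dict[str, object]]:
    """Map each detected object to its threat name, status lines and last user action."""
    found: Dict[str, Dict[str, object]] = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        d = DETECT_RE.match(m.group("body"))
        if not d:
            continue
        entry = found.setdefault(
            d.group("obj"), {"name": d.group("name"), "statuses": [], "action": None}
        )
        status = d.group("status").strip()
        entry["statuses"].append(status)
        a = ACTION_RE.search(status)
        if a:
            entry["action"] = a.group("action")  # later actions override earlier ones
    return found


def declared_count(log_text: str) -> Optional[int]:
    """Return the count TDSSKiller itself reported, or None if the line is absent."""
    m = COUNT_RE.search(log_text)
    return int(m.group("n")) if m else None


def unresolved(log_text: str) -> List[str]:
    """Objects that were detected but left in place: action Skip, or no action logged."""
    return sorted(
        obj for obj, e in parse_detections(log_text).items()
        if e["action"] in (None, "Skip")
    )


def counts_agree(log_text: str) -> bool:
    """True when the tool's declared count matches the detections we could parse."""
    n = declared_count(log_text)
    return n is not None and n == len(parse_detections(log_text))


if __name__ == "__main__":
    for label, log in (("skipped", SAMPLE_LOG_SKIPPED), ("cured", SAMPLE_LOG_CURED)):
        dets = parse_detections(log)
        print(f"[{label}] detections: "
              + ", ".join(f"{o} ({e['name']}) action={e['action']}" for o, e in dets.items()))
        print(f"[{label}] unresolved: {unresolved(log)}  counts agree: {counts_agree(log)}")
```

Run against the first sample this reports ACPI as unresolved, which is exactly the situation the helper is responding to; against the cured variant the unresolved list is empty. The count check is there because a log where the declared count exceeds the parsed detections means the parser missed a line format, not that the machine is clean.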

#5 Johannrandall

Johannrandall
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 02 August 2012 - 04:26 PM

I did that and it pushed through. CF log is below. I also did step 3 already and posted the log too. So far, there aren't any pop-ups now, and it isn't redirecting. I double-checked with Firefox and it's quite normal. I'll be observing for a couple of days to see if there are any more issues with this machine. What's the next step?

Additional query: I have another machine, an Asus Eee netbook, and I'm wondering what's the best way to check if it is running clean and free of viruses and malware? Another thing is that I have a fresh laptop coming in and I'm looking for a way to keep it clean. But the thing is, we have an external HD that I haven't checked yet to see if it is clean, and these three machines will be sharing it.

I guess what I'm asking is: 1) How can I keep these machines from infecting each other if sharing external drives is inevitable? And...
2) These two laptops (Toshiba and Asus) have been significantly slower than they used to be; do I just follow all that is in here first?

Thank you so much D-FRED-BROWN!


CF Log:



ComboFix 12-07-31.03 - Johann 08/03/2012 4:09.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.305 [GMT 8:00]
Running from: c:\documents and settings\Johann\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\_ctypes.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\_elementtree.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\_hashlib.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\_socket.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\_ssl.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\pyexpat.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\pysqlite2._sqlite.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\python26.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\pythoncom26.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\PyWinTypes26.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\select.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\unicodedata.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\win32api.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\win32com.shell.shell.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\win32crypt.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\win32event.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\win32file.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\win32inet.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\win32pdh.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\win32process.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\windows._cacheinvalidation.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\wx._controls_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\wx._core_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\wx._gdi_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\wx._html2.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\wx._misc_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\wx._windows_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\wx._wizard.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\wxbase293u_net_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\wxbase293u_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\wxmsw293u_adv_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\wxmsw293u_core_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\wxmsw293u_html_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27642\wxmsw293u_webview_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\_ctypes.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\_elementtree.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\_hashlib.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\_socket.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\_ssl.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\pyexpat.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\pysqlite2._sqlite.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\python26.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\pythoncom26.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\PyWinTypes26.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\select.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\unicodedata.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\win32api.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\win32com.shell.shell.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\win32crypt.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\win32event.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\win32file.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\win32inet.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\win32pdh.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\win32process.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\windows._cacheinvalidation.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\wx._controls_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\wx._core_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\wx._gdi_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\wx._html2.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\wx._misc_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\wx._windows_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\wx._wizard.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\wxbase293u_net_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\wxbase293u_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\wxmsw293u_adv_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\wxmsw293u_core_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\wxmsw293u_html_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27642\wxmsw293u_webview_vc.dll
.
---- Previous Run -------
.
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\_ctypes.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\_elementtree.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\_hashlib.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\_socket.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\_ssl.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\pyexpat.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\pysqlite2._sqlite.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\python26.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\pythoncom26.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\PyWinTypes26.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\select.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\unicodedata.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\win32api.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\win32com.shell.shell.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\win32crypt.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\win32event.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\win32file.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\win32inet.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\win32pdh.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\win32process.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\windows._cacheinvalidation.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\wx._controls_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\wx._core_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\wx._gdi_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\wx._html2.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\wx._misc_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\wx._windows_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\wx._wizard.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\wxbase293u_net_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\wxbase293u_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\wxmsw293u_adv_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\wxmsw293u_core_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\wxmsw293u_html_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI23083\wxmsw293u_webview_vc.dll
c:\documents and settings\All Users\Application Data\a35bf9\3447.mof
c:\documents and settings\All Users\Application Data\a35bf9\BackUp\Bluetooth Manager.lnk
c:\documents and settings\All Users\Application Data\a35bf9\BackUp\HP Digital Imaging Monitor.lnk
c:\documents and settings\All Users\Application Data\a35bf9\BackUp\McAfee Security Scan Plus.lnk
c:\documents and settings\All Users\Application Data\a35bf9\BackUp\OneNote 2010 Screen Clipper and Launcher.lnk
c:\documents and settings\All Users\Application Data\a35bf9\BackUp\Windows Search.lnk
c:\documents and settings\All Users\Application Data\a35bf9\BAS.ico
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\_ctypes.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\_elementtree.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\_hashlib.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\_socket.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\_ssl.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\pyexpat.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\pysqlite2._sqlite.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\python26.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\pythoncom26.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\PyWinTypes26.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\select.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\unicodedata.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\win32api.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\win32com.shell.shell.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\win32crypt.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\win32event.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\win32file.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\win32inet.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\win32pdh.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\win32process.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\windows._cacheinvalidation.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\wx._controls_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\wx._core_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\wx._gdi_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\wx._html2.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\wx._misc_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\wx._windows_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\wx._wizard.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\wxbase293u_net_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\wxbase293u_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\wxmsw293u_adv_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\wxmsw293u_core_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\wxmsw293u_html_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI23083\wxmsw293u_webview_vc.dll
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettings_AVG_RESTORED.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\a9e9630ed422cadc.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\bdff69c84578eafa.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\SET80.tmp
c:\windows\system32\SET85.tmp
c:\windows\system32\SET8C.tmp
c:\windows\system32\sqlite3.dll
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 20:05 . 2012-08-02 20:05 7552 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-08-02 19:53 . 2012-08-02 19:53 -------- dc----w- C:\TDSSKiller_Quarantine
2012-07-31 12:18 . 2012-07-31 12:18 -------- d-----w- c:\documents and settings\Johann\Local Settings\Application Data\CRE
2012-07-31 12:18 . 2012-07-31 12:18 -------- d-----w- c:\program files\Conduit
2012-07-31 12:18 . 2012-07-31 12:18 -------- d-----w- c:\documents and settings\Johann\Local Settings\Application Data\uTorrentControl2
2012-07-31 12:17 . 2012-07-31 12:18 -------- d-----w- c:\documents and settings\Johann\Local Settings\Application Data\Conduit
2012-07-31 12:17 . 2012-07-31 12:18 -------- d-----w- c:\program files\uTorrentControl2
2012-07-30 16:41 . 2012-07-30 17:41 -------- d-----w- c:\documents and settings\Johann\Application Data\.anki
2012-07-30 16:37 . 2012-07-30 16:38 -------- d-----w- c:\program files\Anki
2012-07-30 16:36 . 2012-07-30 16:36 -------- d-----w- c:\program files\Dropbox
2012-07-30 16:34 . 2012-08-02 20:29 -------- d-----w- c:\documents and settings\Johann\Application Data\Dropbox
2012-07-29 19:38 . 2012-07-31 19:56 -------- dc----w- C:\NKRemote
2012-07-26 18:20 . 2012-07-26 18:20 -------- d-----w- c:\program files\BreezeSys
2012-07-26 10:38 . 2012-07-26 10:39 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-07-25 17:26 . 2012-07-25 17:26 -------- d-----w- c:\documents and settings\Johann\Application Data\AVG2012
2012-07-25 17:25 . 2012-07-25 17:25 -------- d-----w- c:\documents and settings\Johann\Local Settings\Application Data\AVG Secure Search
2012-07-25 17:25 . 2012-07-25 17:25 -------- d-----w- c:\documents and settings\Johann\Application Data\AVG Secure Search
2012-07-25 17:25 . 2012-07-25 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-07-25 17:25 . 2012-07-25 17:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-25 17:25 . 2012-07-25 17:25 -------- d-----w- c:\program files\AVG Secure Search
2012-07-25 17:22 . 2012-08-02 16:42 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-25 17:22 . 2012-07-25 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-07-23 07:44 . 2012-07-23 07:45 -------- d-----w- c:\program files\GUM1B4.tmp
2012-07-23 07:38 . 2012-07-23 07:41 -------- d-----w- c:\program files\Google
2012-07-22 17:56 . 2012-07-22 17:56 -------- d-----w- c:\documents and settings\Johann\Application Data\Minibar
2012-07-22 17:33 . 2012-07-22 17:33 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 19:58 . 2008-04-14 00:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-07-03 05:46 . 2011-05-10 12:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2009-03-25 05:28 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-03-25 05:28 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2009-03-25 05:28 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2009-03-25 05:28 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 07:19 . 2009-08-06 11:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 07:19 . 2009-08-06 11:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 07:19 . 2009-03-25 17:14 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 07:19 . 2009-03-25 17:14 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 07:19 . 2009-03-25 17:14 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 07:19 . 2009-08-06 11:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 07:19 . 2009-08-06 11:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 07:19 . 2009-03-25 17:14 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 07:19 . 2009-03-25 17:14 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 07:19 . 2009-03-25 05:28 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 07:19 . 2009-08-06 11:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 07:19 . 2009-03-25 17:14 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 07:19 . 2009-03-25 17:14 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 07:18 . 2009-12-26 08:57 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 07:18 . 2009-12-26 08:57 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 07:18 . 2009-12-26 08:57 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2009-03-25 05:28 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2009-03-25 05:28 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2009-03-25 05:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2009-03-25 05:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2009-03-25 05:28 385024 ----a-w- c:\windows\system32\html.iec
2011-05-15 07:19 . 2011-05-19 07:21 7593048 ----a-w- c:\program files\CopyTransManager.exe
2009-08-07 18:26 . 2009-12-31 12:12 81042799 ----a-w- c:\program files\Adobe Photoshop CS4 vXpc FINAL.exe
2012-07-30 06:51 . 2011-11-12 08:39 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-25 17:25 2069088 ----a-w- c:\program files\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll" [2012-07-25 2069088]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Johann\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Johann\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Johann\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Johann\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 11:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 11:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 11:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 11:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-06-20 12163848]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-07-31 1022352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-16 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-16 137752]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2009-03-18 827392]
"TDispVol"="TDispVol.exe" [2009-04-02 210232]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TAccessibility"="c:\program files\TOSHIBA\Accessibility\TAccessibility.exe" [2009-02-25 110592]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2009-03-19 90112]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2009-04-03 73728]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-03-16 252288]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2009-03-17 283960]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-03-05 479320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-03-18 417792]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"MacrokeyManager"="WTMKM.exe" [2007-11-13 1969824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-25 1118304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584]
.
c:\documents and settings\Johann\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Johann\Application Data\Dropbox\bin\Dropbox.exe [2012-7-25 26909544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-1-6 2360648]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Johann^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Johann\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChikkaIM]
2004-11-03 21:49 1748992 ----a-w- c:\progra~1\Chikka\chikka.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-16 11:59 138096 ----atw- c:\documents and settings\Johann\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2011-10-04 17:18 247968 ----a-w- c:\windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-23 20:21 135664 ----atw- c:\documents and settings\Johann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-09 18:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-04-29 08:59 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 10:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-07-31 11:47 1022352 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Johann\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\Johann\\My Documents\\Downloads\\solutoinstaller-Nq3r8E2Cyg.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Documents and Settings\\Johann\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [8/21/2008 10:35 AM 28536]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [9/4/2007 10:14 AM 6528]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301248]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/27/2007 3:22 AM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/20/2007 3:15 AM 134016]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 cecnuvc;Chicony USB 2.0 Camera VD;c:\windows\system32\drivers\cec_uvc.sys [12/23/2009 1:27 PM 48176]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [9/19/2011 12:37 AM 127496]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/26/2009 4:33 AM 1684736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [3/18/2010 8:36 PM 102656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/10/2011 8:19 PM 22344]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11/8/2010 4:45 AM 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11/8/2010 4:45 AM 8320]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/26/2009 4:37 AM 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4114057892-329501035-3575270886-1006Core.job
- c:\documents and settings\Johann\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-11-11 11:59]
.
2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4114057892-329501035-3575270886-1006UA.job
- c:\documents and settings\Johann\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-11-11 11:59]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-23 06:54]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-23 06:54]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4114057892-329501035-3575270886-1006Core.job
- c:\documents and settings\Johann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-23 20:21]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4114057892-329501035-3575270886-1006UA.job
- c:\documents and settings\Johann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-23 20:21]
.
2012-07-30 c:\windows\Tasks\Norton Security Scan for Johann.job
- c:\progra~1\NORTON~2\Engine\361~1.11\Nss.exe [2012-01-03 18:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.254.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Johann\Application Data\Mozilla\Firefox\Profiles\p2ihal3c.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8a5d2231-f21a-4069-8a9a-f96e241bf1ae%7D&mid=da486c2f918b59d1fd6c2450eb951719-9f96c24661b3656a0d732ffc0429b794efd34e9c&ds=AVG&v=11.0.0.10&lang=en&pr=pr&d=2012-07-26%2001%3A25%3A39&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 6080f81a000000000000002258f9b78b
FF - user.js: extensions.BabylonToolbar_i.hardId - 6080f81a000000000000002258f9b78b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15410
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:19
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101308
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Gqysyy - c:\documents and settings\Johann\Application Data\Gqysyy.exe
SafeBoot-14418461.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
AddRemove-Convert Multiple PSD Files To JPG Files Software_is1 - c:\downloads\Convert Multiple PSD Files To JPG Files Software\unins000.exe
AddRemove-ImTOO AVI MPEG Converter - c:\program files\ImTOO\AVI MPEG Converter\Uninstall.exe
AddRemove-{7DD81976-3E78-4e3c-B65C-FB7226879E1B}_is1 - c:\downloads\4Videosoft MP4 Converter\unins000.exe
AddRemove-{CF766FD0-5CB2-4713-A713-350C4606387E} - c:\documents and settings\All Users\Application Data\{7D1F40B1-FDA9-48B3-9A00-C43B98B6061B}\adjust5_setup.exe
.
.
.
**************************************************************************
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net[/color][/size]
[size="2"][color="#1c2837"]Rootkit scan 2012-08-03 04:28[/color][/size]
[size="2"][color="#1c2837"]Windows 5.1.2600 Service Pack 3 NTFS[/color][/size]
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]scanning hidden processes ... [/color][/size]
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]scanning hidden autostart entries ... [/color][/size]
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]scanning hidden files ... [/color][/size]
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]scan completed successfully[/color][/size]
[size="2"][color="#1c2837"]hidden files: 0[/color][/size]
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]**************************************************************************[/color][/size]
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]--------------------- DLLs Loaded Under Running Processes ---------------------[/color][/size]
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]- - - - - - - > 'explorer.exe'(4660)[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\WININET.dll[/color][/size]
[size="2"][color="#1c2837"]c:\documents and settings\Johann\Application Data\Dropbox\bin\DropboxExt.14.dll[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Google\Drive\googledrivesync32.dll[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\TDispVol.dll[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Windows Desktop Search\deskbar.dll[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Windows Desktop Search\en-us\dbres.dll.mui[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Windows Desktop Search\dbres.dll[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Windows Desktop Search\wordwheel.dll[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Windows Desktop Search\msnlExtRes.dll[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\ieframe.dll[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\webcheck.dll[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\WPDShServiceObj.dll[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\msi.dll[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\PortableDeviceTypes.dll[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\PortableDeviceApi.dll[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\TPwrCfg.DLL[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\TPwrReg.dll[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\TPSTrace.DLL[/color][/size]
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]------------------------ Other Running Processes ------------------------[/color][/size]
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\acs.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\AVG\AVG2012\avgfws.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\AVG\AVG2012\avgwdsvc.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\AVG\AVG2012\avgnsx.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Java\jre6\bin\jqs.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\AVG\AVG2012\avgrsx.exe[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\NLSSRV32.EXE[/color][/size]
[size="2"][color="#1c2837"]c:\program files\AVG\AVG2012\avgcsrvx.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\ThpSrv.exe[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\TODDSrv.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\SearchIndexer.exe[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\atwtusb.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\AVG\AVG2012\avgidsagent.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\igfxsrvc.exe[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\TDispVol.exe[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\ZoomingHook.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\TOSHIBA\ConfigFree\NDSTray.exe[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\TPSMain.exe[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\thpsrv.exe[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\WTMKM.exe[/color][/size]
[size="2"][color="#1c2837"]c:\windows\system32\TPSBattM.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Apoint2K\Apntex.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\AVG\AVG2012\avgcsrvx.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[/color][/size]
[size="2"][color="#1c2837"]c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe[/color][/size]
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]**************************************************************************[/color][/size]
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]Completion time: 2012-08-03 04:48:19 - machine was rebooted[/color][/size]
[size="2"][color="#1c2837"]ComboFix-quarantined-files.txt 2012-08-02 20:48[/color][/size]
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]Pre-Run: 24,191,012,864 bytes free[/color][/size]
[size="2"][color="#1c2837"]Post-Run: 24,245,616,640 bytes free[/color][/size]
[size="2"][color="#1c2837"].[/color][/size]
[size="2"][color="#1c2837"]- - End Of File - - 0887F0662366F8D1A33A81640C38E5C7[/color][/size][color=#1C2837][size=2]
[/size][/color][color=#1C2837][size=2]
[/size][/color][color=#1C2837][size=2]
[/size][/color][color=#1C2837][size=2]
[/size][/color][color=#1C2837][size=2]
[/size][/color][color=#1C2837][size=2]Security Check Log:[/size][/color][color=#1C2837][size=2]
[/size][/color][color=#1C2837][size=2]
[/size][/color]

 Results of screen317's Security Check version 0.99.43 
 Windows XP Service Pack 3 x86 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled! 
 AVG 2012 
 McAfee Security Scan Plus 
 AVG2012 successfully updated! 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.62.0.1300 
 CCleaner 
 Java™ 6 Update 29 
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.0.1.152 
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 12.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe 
 AVG avgtray.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 28% Defragment your hard drive soon!
````````````````````End of Log`````````````````````` 



#6 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:27 PM

Posted 02 August 2012 - 05:01 PM

Additional query: I have another machine, an Asus Eee netbook, and I'm wondering what's the best way to check if it is running clean and free of viruses and malware? Another thing is that I have a fresh laptop coming in and I'm looking for a way to keep it clean.

I suggest you run an ESET online scan on the computer in question: http://www.eset.eu/online-scanner

Hope that helps. :)


I guess what I'm asking is: 1) How can I keep these machines from infecting each other if sharing external drives is inevitable? And...

As long as you keep your computers' software up-to-date, and run a good set of security software, you should be good to go.

As we wrap things up, I'll provide you with some suggestions for security software that you can use to keep your systems safe.


2) These two laptops (Toshiba and Asus) have been significantly slower than they used to be; do I just follow all that is in here first?

You can, though I would advise you take caution when cleaning the physical components of your computer.

I recently had success with increasing the pagefile size, as well as installing and running CCleaner (both are mentioned in that link). Regardless, anything discussed in that tutorial should give you some pretty good insight as to what you can do to speed yourself up. :)


But the thing is, we have an external HD that I haven't checked yet if it is clean, and these three machines will be sharing it.

Go ahead and plug in the external hard drive in this computer.

Then, run ComboFix.exe once again.

Please post the new ComboFix report in your next reply.
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#7 Johannrandall

Johannrandall
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:08:27 PM

Posted 03 August 2012 - 01:39 PM

Hello again! Thanks for your reply. I ran the ESET scanner and it found 18 infections; unfortunately I wasn't here to see it through and don't know if it finished scanning. Is there a log for it? The new CF log is below. What's the next step?



ComboFix 12-07-31.05 - Johann 08/03/2012 11:51:41.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.387 [GMT 8:00]
Running from: c:\documents and settings\Johann\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\_ctypes.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\_elementtree.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\_hashlib.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\_socket.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\_ssl.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\pyexpat.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\pysqlite2._sqlite.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\python26.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\pythoncom26.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\PyWinTypes26.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\select.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\unicodedata.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\win32api.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\win32com.shell.shell.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\win32crypt.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\win32event.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\win32file.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\win32inet.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\win32pdh.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\win32process.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\windows._cacheinvalidation.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\wx._controls_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\wx._core_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\wx._gdi_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\wx._html2.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\wx._misc_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\wx._windows_.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\wx._wizard.pyd
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\wxbase293u_net_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\wxbase293u_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\wxmsw293u_adv_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\wxmsw293u_core_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\wxmsw293u_html_vc.dll
c:\docume~1\Johann\LOCALS~1\Temp\_MEI27842\wxmsw293u_webview_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\_ctypes.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\_elementtree.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\_hashlib.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\_socket.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\_ssl.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\pyexpat.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\pysqlite2._sqlite.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\python26.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\pythoncom26.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\PyWinTypes26.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\select.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\unicodedata.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\win32api.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\win32com.shell.shell.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\win32crypt.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\win32event.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\win32file.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\win32inet.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\win32pdh.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\win32process.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\windows._cacheinvalidation.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\wx._controls_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\wx._core_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\wx._gdi_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\wx._html2.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\wx._misc_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\wx._windows_.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\wx._wizard.pyd
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\wxbase293u_net_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\wxbase293u_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\wxmsw293u_adv_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\wxmsw293u_core_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\wxmsw293u_html_vc.dll
c:\documents and settings\Johann\Local Settings\Temp\_MEI27842\wxmsw293u_webview_vc.dll
G:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-02 19:53 . 2012-08-02 19:53 -------- dc----w- C:\TDSSKiller_Quarantine
2012-07-31 12:18 . 2012-07-31 12:18 -------- d-----w- c:\documents and settings\Johann\Local Settings\Application Data\CRE
2012-07-31 12:18 . 2012-07-31 12:18 -------- d-----w- c:\program files\Conduit
2012-07-31 12:18 . 2012-07-31 12:18 -------- d-----w- c:\documents and settings\Johann\Local Settings\Application Data\uTorrentControl2
2012-07-31 12:17 . 2012-07-31 12:18 -------- d-----w- c:\documents and settings\Johann\Local Settings\Application Data\Conduit
2012-07-31 12:17 . 2012-07-31 12:18 -------- d-----w- c:\program files\uTorrentControl2
2012-07-30 16:41 . 2012-07-30 17:41 -------- d-----w- c:\documents and settings\Johann\Application Data\.anki
2012-07-30 16:37 . 2012-07-30 16:38 -------- d-----w- c:\program files\Anki
2012-07-30 16:36 . 2012-07-30 16:36 -------- d-----w- c:\program files\Dropbox
2012-07-30 16:34 . 2012-08-03 04:11 -------- d-----w- c:\documents and settings\Johann\Application Data\Dropbox
2012-07-29 19:38 . 2012-07-31 19:56 -------- dc----w- C:\NKRemote
2012-07-26 18:20 . 2012-07-26 18:20 -------- d-----w- c:\program files\BreezeSys
2012-07-26 10:38 . 2012-07-26 10:39 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-07-25 17:26 . 2012-07-25 17:26 -------- d-----w- c:\documents and settings\Johann\Application Data\AVG2012
2012-07-25 17:25 . 2012-07-25 17:25 -------- d-----w- c:\documents and settings\Johann\Local Settings\Application Data\AVG Secure Search
2012-07-25 17:25 . 2012-07-25 17:25 -------- d-----w- c:\documents and settings\Johann\Application Data\AVG Secure Search
2012-07-25 17:25 . 2012-07-25 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-07-25 17:25 . 2012-07-25 17:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-25 17:25 . 2012-07-25 17:25 -------- d-----w- c:\program files\AVG Secure Search
2012-07-25 17:22 . 2012-08-03 02:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-25 17:22 . 2012-07-25 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-07-23 07:44 . 2012-07-23 07:45 -------- d-----w- c:\program files\GUM1B4.tmp
2012-07-23 07:38 . 2012-07-23 07:41 -------- d-----w- c:\program files\Google
2012-07-22 17:56 . 2012-07-22 17:56 -------- d-----w- c:\documents and settings\Johann\Application Data\Minibar
2012-07-22 17:33 . 2012-07-22 17:33 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 19:58 . 2008-04-14 00:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-07-03 05:46 . 2011-05-10 12:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2009-03-25 05:28 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-03-25 05:28 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2009-03-25 05:28 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2009-03-25 05:28 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 07:19 . 2009-08-06 11:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 07:19 . 2009-08-06 11:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 07:19 . 2009-03-25 17:14 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 07:19 . 2009-03-25 17:14 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 07:19 . 2009-03-25 17:14 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 07:19 . 2009-08-06 11:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 07:19 . 2009-08-06 11:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 07:19 . 2009-03-25 17:14 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 07:19 . 2009-03-25 17:14 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 07:19 . 2009-03-25 05:28 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 07:19 . 2009-08-06 11:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 07:19 . 2009-03-25 17:14 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 07:19 . 2009-03-25 17:14 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 07:18 . 2009-12-26 08:57 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 07:18 . 2009-12-26 08:57 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 07:18 . 2009-12-26 08:57 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2009-03-25 05:28 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2009-03-25 05:28 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2009-03-25 05:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2009-03-25 05:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2009-03-25 05:28 385024 ----a-w- c:\windows\system32\html.iec
2011-05-15 07:19 . 2011-05-19 07:21 7593048 ----a-w- c:\program files\CopyTransManager.exe
2009-08-07 18:26 . 2009-12-31 12:12 81042799 ----a-w- c:\program files\Adobe Photoshop CS4 vXpc FINAL.exe
2012-07-30 06:51 . 2011-11-12 08:39 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-25 17:25 2069088 ----a-w- c:\program files\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll" [2012-07-25 2069088]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Johann\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Johann\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Johann\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Johann\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 11:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 11:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 11:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 11:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-06-20 12163848]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-07-31 1022352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-16 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-16 137752]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2009-03-18 827392]
"TDispVol"="TDispVol.exe" [2009-04-02 210232]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TAccessibility"="c:\program files\TOSHIBA\Accessibility\TAccessibility.exe" [2009-02-25 110592]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2009-03-19 90112]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2009-04-03 73728]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-03-16 252288]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2009-03-17 283960]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-03-05 479320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-03-18 417792]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"MacrokeyManager"="WTMKM.exe" [2007-11-13 1969824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-25 1118304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584]
.
c:\documents and settings\Johann\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Johann\Application Data\Dropbox\bin\Dropbox.exe [2012-7-25 26909544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-1-6 2360648]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Johann^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Johann\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChikkaIM]
2004-11-03 21:49 1748992 ----a-w- c:\progra~1\Chikka\chikka.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-16 11:59 138096 ----atw- c:\documents and settings\Johann\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2011-10-04 17:18 247968 ----a-w- c:\windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-23 20:21 135664 ----atw- c:\documents and settings\Johann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-09 18:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-04-29 08:59 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 10:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-07-31 11:47 1022352 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Johann\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\Johann\\My Documents\\Downloads\\solutoinstaller-Nq3r8E2Cyg.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Documents and Settings\\Johann\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [8/21/2008 10:35 AM 28536]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [9/4/2007 10:14 AM 6528]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301248]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [6/13/2012 3:48 AM 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/27/2007 3:22 AM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/20/2007 3:15 AM 134016]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 cecnuvc;Chicony USB 2.0 Camera VD;c:\windows\system32\drivers\cec_uvc.sys [12/23/2009 1:27 PM 48176]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [9/19/2011 12:37 AM 127496]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2012 3:39 PM 116648]
S2 KMService;KMService;c:\windows\system32\srvany.exe [7/12/2010 5:13 PM 8192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/26/2009 4:33 AM 1684736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2012 3:39 PM 116648]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [3/18/2010 8:36 PM 102656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/10/2011 8:19 PM 22344]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11/8/2010 4:45 AM 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11/8/2010 4:45 AM 8320]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/26/2009 4:37 AM 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [12/16/2009 5:38 PM 375296]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/10/2011 8:19 PM 655944]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4114057892-329501035-3575270886-1006Core.job
- c:\documents and settings\Johann\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-11-11 11:59]
.
2012-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4114057892-329501035-3575270886-1006UA.job
- c:\documents and settings\Johann\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-11-11 11:59]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-23 06:54]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-23 06:54]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4114057892-329501035-3575270886-1006Core.job
- c:\documents and settings\Johann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-23 20:21]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4114057892-329501035-3575270886-1006UA.job
- c:\documents and settings\Johann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-23 20:21]
.
2012-08-03 c:\windows\Tasks\Norton Security Scan for Johann.job
- c:\progra~1\NORTON~2\Engine\361~1.11\Nss.exe [2012-01-03 18:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.254.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Johann\Application Data\Mozilla\Firefox\Profiles\p2ihal3c.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8a5d2231-f21a-4069-8a9a-f96e241bf1ae%7D&mid=da486c2f918b59d1fd6c2450eb951719-9f96c24661b3656a0d732ffc0429b794efd34e9c&ds=AVG&v=11.0.0.10&lang=en&pr=pr&d=2012-07-26%2001%3A25%3A39&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 6080f81a000000000000002258f9b78b
FF - user.js: extensions.BabylonToolbar_i.hardId - 6080f81a000000000000002258f9b78b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15410
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:19
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101308
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-03 12:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(256)
c:\windows\system32\WININET.dll
c:\documents and settings\Johann\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\TDispVol.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\windows\system32\NLSSRV32.EXE
c:\program files\AVG\AVG2012\avgrsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\ThpSrv.exe
c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\windows\system32\TODDSrv.exe
c:\windows\system32\TDispVol.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\ZoomingHook.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\thpsrv.exe
c:\windows\system32\atwtusb.exe
c:\windows\system32\WTMKM.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2012-08-03 12:24:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-03 04:24
ComboFix2.txt 2012-08-02 20:48
.
Pre-Run: 24,368,476,160 bytes free
Post-Run: 24,367,898,624 bytes free
.
- - End Of File - - 0E1F31D7CEFBC22BB37547B50B11B393
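A first-pass triage over a ComboFix/DDS log like the one above, as an added example (this is not a ComboFix or BleepingComputer tool). It pulls out the items a responder checks first in this kind of log: the firewall being disabled (`"EnableFirewall"= 0` above), firewall exceptions granted to executables in user-writable folders, drivers or services loaded from a TEMP directory or whose image file is missing (the `[?]` marker), and start-page or search URLs that point at hosts outside a small allowlist of search engines. The sample input is constructed from lines of the log above (the long AVG search URL is shortened); the allowlist, the user-writable directory list and the finding category names are assumptions of the example.

```python
"""Triage helper for ComboFix/DDS-style logs (added example, not a ComboFix tool).

Returns (category, detail) pairs for the handful of things worth a responder's
first look: firewall off, firewall exceptions in user-writable paths, drivers
run from TEMP or missing on disk, and browser start/search pages on hosts that
are not a known search engine.
"""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the log above, AVG search URL shortened.
# "hxxp" is how the log defangs "http".
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Johann\\My Documents\\Downloads\\solutoinstaller-Nq3r8E2Cyg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [8/21/2008 10:35 AM 28536]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://www.yahoo.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8a5d2231%7D&q=
"""

# "R0 name;display name;image path [--> resolved path] [timestamp size | ?]"
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*?)(?: --> (.*?))? \[([^\]]*)\]$")
EXCEPTION_RE = re.compile(r'^"(.+)"=$')            # firewall AuthorizedApplications entry
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
BROWSER_RE = re.compile(
    r"(?:Start Page|browser\.startup\.homepage|keyword\.URL)\s*[-=]\s*(hxxps?://\S+)")
# Allowlist of search/home-page hosts: an assumption of this example, not a ComboFix list.
SEARCH_ALLOWLIST = re.compile(r"(^|\.)(google\.com(\.[a-z]{2})?|yahoo\.com|bing\.com)$")
# Locations a normal user can write to; a firewall exception there deserves a look.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\")


def triage_combofix(text):
    """Return a list of (category, detail) findings from ComboFix log text."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line == ".":              # ComboFix separates blocks with a lone dot
            section = ""
            continue
        if not line:
            continue
        if line.startswith("["):     # registry key header opens a new block
            section = line.lower()
            continue
        if "firewallpolicy" in section and FIREWALL_OFF_RE.match(line):
            findings.append(("firewall_disabled", line))
            continue
        if "authorizedapplications" in section:
            m = EXCEPTION_RE.match(line)
            if m:
                # the log doubles backslashes inside quoted values; undo that
                path = m.group(1).replace("\\\\", "\\").lower()
                if any(d in path for d in USER_WRITABLE):
                    findings.append(("firewall_exception_user_path", m.group(1)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, image, stamp = m.group(3), m.group(5), m.group(7)
            if "\\temp\\" in image.lower():
                findings.append(("driver_in_temp", f"{name}: {image}"))
            if stamp == "?":         # ComboFix prints [?] when the image file is not found
                findings.append(("image_missing", f"{name}: {image}"))
            continue
        m = BROWSER_RE.search(line)
        if m:
            host = urlparse(m.group(1).replace("hxxp", "http", 1)).hostname or ""
            if not SEARCH_ALLOWLIST.search(host):
                findings.append(("browser_redirect_host", host))
    return findings


if __name__ == "__main__":
    for category, detail in triage_combofix(SAMPLE_LOG):
        print(f"{category:30} {detail}")
```

Run on the sample it reports the disabled firewall, the exception for the installer under Downloads, the `cpuz135` driver in `c:\windows\TEMP` (also flagged as missing), the missing Realtek IR driver image, and the `search.conduit.com` and `isearch.avg.com` hosts, while the Yahoo and Google pages pass the allowlist. The TEMP and allowlist checks are heuristics: a vendor tool can legitimately drop a driver in TEMP and a regional search host can be absent from the list, so the output is a reading aid, not a verdict.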

#8 D-FRED-BROWN (Resident Bracketologist, Malware Response Team, 834 posts, Kansas, USA)

Posted 03 August 2012 - 02:28 PM

Hello again! Thanks for your reply. I ran the eset scanner and found 18 infections, unfortunately I wasn't here to see through it and don't know if it did finish scanning, is there a log for it?

Just to clarify, was this for the computer we're currently dealing with, or the other one you mentioned?

The logfile should be located at C:\Program Files\EsetOnlineScanner\log.txt
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#9 Johannrandall (Topic Starter, Members, 33 posts)

Posted 03 August 2012 - 11:24 PM

I'm sorry for the confusion, that CF log was for the current one (Toshiba). I haven't run CF on the other one (Asus), just the ESET scanner. Thanks!

#10 D-FRED-BROWN (Resident Bracketologist, Malware Response Team, 834 posts, Kansas, USA)

Posted 04 August 2012 - 11:41 AM

Here's what we'll do: open up a second topic for the other computer (the Asus), and start by running and posting a new ESET Online Scan report. Then, post the link to that new topic here. We'll use this topic for the Toshiba computer.

Regarding the Toshiba one...

I'm not seeing any further signs of malware. Let's run an online scan before we do anything else, to confirm that you're clean:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#11 Johannrandall (Topic Starter, Members, 33 posts)

Posted 04 August 2012 - 12:01 PM

Ok. Copy that. But I won't be able to post anything for today, those two machines aren't with me at the moment. I'll get back to you in a day or two. Thanks D-FRED-BROWN.

#12 D-FRED-BROWN (Resident Bracketologist, Malware Response Team, 834 posts, Kansas, USA)

Posted 04 August 2012 - 03:59 PM

Sounds good. Keep me posted.

#13 Johannrandall (Topic Starter, Members, 33 posts)

Posted 08 August 2012 - 10:03 PM

Hello D-FRED-BROWN!

I'm terribly sorry for the delay, I was stuck at a place without an internet connection due to heavy rains and flooding.

As for the Toshiba, I already ran ESET last weekend and it found 24 malicious files (log is posted below). Now, when I came back last night, I tried to re-scan the machine to get a more recent log file, but when I woke up to check if it was done scanning, it had a BSOD. Thinking that it would be the same as the last time it happened, I just restarted it and unfortunately wasn't able to take note of the error. And now, when I try to turn on the machine, it won't boot up. It is stuck with a black screen with a single letter J and a blinking cursor beside it, after showing the Toshiba splash screen (where it asks you to press function keys for setup). I know this problem may now fall out of the scope of our thread, but what do you think will be our best next step? Thanks!

By the way, the link to the thread that you requested is here.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a453750f9b9a184f8223a71e8dc0936d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-05 09:48:58
# local_time=2012-08-06 05:48:58 (+0800, Taipei Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 949022 949022 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 660 660 0 0
# scanned=150365
# found=24
# cleaned=0
# scan_time=18072
C:\Documents and Settings\Johann\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Johann\My Documents\Downloads\media.player.codec.pack.v3.9.1.setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Johann\My Documents\KING GREEN\Documents\Nutrition\Chess diet eat or play .htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Johann\My Documents\KING GREEN\Documents\Nutrition\Chess diet eat or play - Chess Diet 2_files\index.php HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\a35bf9\3447.mof.vir Win32/RogueAV.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SeARchsettings.dll.vir Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettingsRes409.dll.vir Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings_AVG_RESTORED.exe.vir Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1296\A0330564.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1321\A0348116.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1321\A0348117.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1321\A0348118.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1333\A0363607.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1333\A0363608.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1333\A0363609.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1333\A0363610.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1361\A0378372.mof Win32/RogueAV.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1361\A0378379.dll Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1361\A0378380.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1361\A0378381.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1361\A0378382.dll Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\03.08.2012_03.51.43\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan (unable to clean) 00000000000000000000000000000000 I

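A parser for the ESET Online Scanner log format posted above, as an added example (not ESET's or BleepingComputer's code). It makes explicit a point a responder reads off this log by hand: `found=24` counts hits inside ComboFix's Qoobox quarantine, TDSSKiller's quarantine folder and System Restore snapshots alongside files in live locations, and only the last group is an active infection; `remove_checked=false` and `cleaned=0` mean nothing was touched. The sample is an eight-line excerpt of the log above with `# found=` adjusted to match; the location categories and the `summarize()` field names are this example's own.

```python
"""Summarise an ESET Online Scanner log (added example; not an ESET tool).

ESET counts every hit, including copies already sitting in quarantine folders
(ComboFix's Qoobox, TDSSKiller_Quarantine) and in System Restore snapshots.
Those copies are inert; only hits in live locations need action. This parser
separates the two so the 'found=' number can be read correctly.
"""
import re
from collections import Counter

# Constructed sample: an excerpt of the log above, with "# found=" set to the excerpt size.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# unwanted_checked=true
# osver=5.1.2600 NT Service Pack 3
# scanned=150365
# found=8
# cleaned=0
C:\Documents and Settings\Johann\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Johann\My Documents\KING GREEN\Documents\Nutrition\Chess diet eat or play .htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\a35bf9\3447.mof.vir Win32/RogueAV.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1321\A0348116.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{43D09EE3-3EED-4181-B151-E777BE690664}\RP1333\A0363609.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\03.08.2012_03.51.43\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
"""

# Threat descriptors as ESET prints them: "Win32/Toolbar.Babylon application",
# "HTML/ScrInject.B.Gen virus", "(probably) a variant of Win32/...", "multiple threats".
THREAT = r"(?:(?:probably )?a variant of )?(?:\S+/\S+ \S+|multiple threats)"
# Windows paths never contain '/', so the first token with a '/' starts the threat name,
# which lets a lazy path group cope with spaces in file names.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<threat>" + THREAT + r") "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)
FAMILY_RE = re.compile(r"\S+/\S+")          # e.g. "Win32/Toolbar.Widgi"


def classify_location(path):
    """Quarantine folders and restore points hold inert copies; everything else is live."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p or "_quarantine\\" in p:
        return "quarantine"
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    return "live"


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) for one ESET log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value     # repeated keys (compatibility_mode) keep the last value
            continue
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            fam = FAMILY_RE.search(d["threat"])
            d["family"] = fam.group(0) if fam else d["threat"]
            d["location"] = classify_location(d["path"])
            detections.append(d)
    return header, detections


def summarize(text):
    """Condense a log into the numbers a responder actually needs."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", "0"))
    return {
        "found": found,
        "parsed": len(detections),
        "truncated": found != len(detections),   # log cut off or lines mangled when pasted
        "by_location": dict(Counter(d["location"] for d in detections)),
        "by_family": dict(Counter(d["family"] for d in detections)),
        "live": [d["path"] for d in detections if d["location"] == "live"],
        "left_in_place": header.get("remove_checked") == "false",
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the excerpt, three of eight hits are live (the Babylon setup file, the injected-script HTML page and the Application Updater executable), three are quarantine copies and two are restore-point copies. The `truncated` flag catches the case Johannrandall describes, where a scan is interrupted or the log is only partially pasted, by comparing the header count against the detection lines actually present.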

#14 D-FRED-BROWN (Resident Bracketologist, Malware Response Team, 834 posts, Kansas, USA)

Posted 08 August 2012 - 11:53 PM

I'm terribly sorry for the delay, I was stuck at a place without an internet connection due to heavy rains and flooding.

No worries. I hope you are okay!


And now, when I try to turn on the machine, it won't boot up. It is stuck with a black screen with a single letter J and a blinking cursor beside it, after showing the Toshiba splash screen (where it asks you to press function keys for setup).

See if you can access System Restore through the Toshiba Recovery Environment.

Use the following steps to get to the Recovery Console from the boot DVD (these instructions are identical to those of the Toshiba Recovery Environment):

Insert the DVD and boot from it. You'll get a black and white screen:

If this doesn't appear, it may be the DVD is not a Windows bootable DVD. Assuming you get this message, press a key (spacebar or anything else). If you don't press any key within about 5 seconds, it will boot from the hard disk.

Continuing to boot from the DVD you'll see a loading progress screen.

This typically takes 2-3 minutes. When complete the first options screen appears.

Change any options if desired, and press Next.

To start the Recovery Console, select Repair your computer.

Unless you have multiple copies of Windows installed, only one choice will appear. Select your OS, and press Next.

Here you can pick from a number of useful options.
Choose System Restore.

-----------

System Restore

After selecting System Restore from the options menu, the screen appears:

Press Next.

From the list of restore points, select the one you want to restore. You'll want to pick a date prior to the problem event, such as before an installation that you suspect caused the problem (in our case, the restore point date should be one that was created by ComboFix recently).

Press Next.

If you have multiple drives, in rare cases there may be restorable information on those other drives. The status will confirm which drives have recovery information. Check any drives that you want to recover (including the system drive). Press Next.

This is the final confirmation. Press Finish to begin restoring the selected restore point.

It may take 10 minutes or more, so be patient and don't power down or reset the PC while the restoration is occurring. After the reboot and logging on again, Windows will confirm the restore completed successfully.

If you don't like the results of the restoration, you can return to System Restore and choose a different restore point.

-----------

After you have successfully reverted to an earlier Restore Point, please post back here and we'll take it from there.

#15 Johannrandall (Topic Starter, Members, 33 posts)

Posted 09 August 2012 - 12:14 AM

Hello. Thanks for the quick reply. We're doing fine, thanks.

As for the boot DVD, I don't think we have that one since this machine has no ODD. Is there a way we can go around this? Is there a place we can DL the recovery console and run it through a USB?



