Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect Virus

Started by LushiePippa , Jun 12 2011 03:34 PM

  • This topic is locked This topic is locked

#1
LushiePippa
Posted 12 June 2011 - 03:34 PM

LushiePippa

    Member

  • Member
  • PipPip
  • 10 posts
For quite a while (not really sure how long but definitely a few weeks), I have been using google and every so often I will click on a link and it will take me to a completely different page. However if I press back and click the link again, it works fine.

I completed the 'How to Fix Google Redirects' instructions but TDSSkiller never came up with anything.

I am surprised that comodo, malwarebytes and mcafee all missed it!

Thankyou very much in advance. I found this website through someone else and everyone seems really helpful.

OTL logfile created on: 6/12/2011 10:25:35 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Pippa\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.86 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 55.03% Memory free
7.73 Gb Paging File | 4.96 Gb Available in Paging File | 64.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 33.14 Gb Free Space | 22.23% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 140.89 Gb Free Space | 94.78% Space Free | Partition Type: NTFS

Computer Name: PIPPA-MEH | User Name: Pippa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/12 22:21:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Pippa\Downloads\OTL.exe
PRC - [2011/04/18 21:57:34 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/01/13 03:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2011/01/11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/06/30 11:22:57 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/04/05 11:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/10/28 12:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 14:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/12 12:30:42 | 006,203,296 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/13 22:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/06/12 22:21:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Pippa\Downloads\OTL.exe
MOD - [2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/09 09:38:46 | 002,506,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdagent)
SRV:64bit: - [2009/11/10 14:54:54 | 000,824,688 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/11/05 23:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/11/05 10:19:12 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/09/28 15:46:02 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/09/09 00:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/04/05 11:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/27 21:12:14 | 000,252,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/15 17:49:56 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/17 23:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/11 23:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/06/16 11:04:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/02 20:36:46 | 000,016,016 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/09 11:25:28 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/11/05 23:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/15 21:11:26 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S7500(UVC)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/02 14:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/10/02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/22 18:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/09 01:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/30 22:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:46 | 000,427,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 19:04:56 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/09 15:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/09/22 18:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSEH&bmod=TSEH
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {FA199514-5481-4A6F-AEE4-3AC4DBCD4FED}:1.9.1
FF - prefs.js..network.proxy.backup.ftp: "WifiProxy.harrow.ac.uk"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "WifiProxy.harrow.ac.uk"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "WifiProxy.harrow.ac.uk"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "WifiProxy.harrow.ac.uk"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "WifiProxy.harrow.ac.uk"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "WifiProxy.harrow.ac.uk"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "WifiProxy.harrow.ac.uk"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "WifiProxy.harrow.ac.uk"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "WifiProxy.harrow.ac.uk"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/08 14:35:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/09/26 00:46:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/21 00:02:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/21 00:02:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/15 18:51:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/01 13:32:49 | 000,000,000 | ---D | M]

[2010/04/30 17:52:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pippa\AppData\Roaming\Mozilla\Extensions
[2011/06/12 08:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pippa\AppData\Roaming\Mozilla\Firefox\Profiles\0sqc1yhz.default\extensions
[2011/05/25 22:50:47 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Pippa\AppData\Roaming\Mozilla\Firefox\Profiles\0sqc1yhz.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/05/25 22:50:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Pippa\AppData\Roaming\Mozilla\Firefox\Profiles\0sqc1yhz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/25 22:50:59 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Pippa\AppData\Roaming\Mozilla\Firefox\Profiles\0sqc1yhz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/25 22:50:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Pippa\AppData\Roaming\Mozilla\Firefox\Profiles\0sqc1yhz.default\extensions\[email protected]
[2010/11/30 02:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/03 15:12:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/26 00:46:38 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2011/01/21 00:02:32 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/01/21 00:02:32 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/02/09 20:30:43 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\PIPPA\APPDATA\LOCAL\{FA199514-5481-4A6F-AEE4-3AC4DBCD4FED}
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [binupdt700max.exe] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [smcnxoewra.exe] File not found
O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 22:17:53 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pippa\Desktop\TDSSKiller.exe
[2011/06/12 22:17:39 | 000,000,000 | ---D | C] -- C:\Users\Pippa\Desktop\GooredFix Backups
[2011/06/12 22:12:35 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/12 22:10:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/12 22:08:03 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Pippa\Desktop\OTM.exe
[2011/06/12 22:05:33 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Pippa\Desktop\GooredFix.exe
[2011/06/12 16:13:58 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{2D9A935A-8CD6-46B7-9495-9CABDA914FF2}
[2011/06/12 08:18:24 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{4F06067E-5CD3-418A-AFD5-8AA2C8894008}
[2011/06/12 00:36:21 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{3A25AE3B-E07A-4AF6-A8D6-4A23C46209D7}
[2011/06/12 00:32:03 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{4B744926-3C3C-455A-847E-15C0C65AF3AF}
[2011/06/11 12:15:38 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{209BAA32-AA97-4328-B35D-99813E8F8FDD}
[2011/06/09 22:24:17 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{978AB4CF-9C88-4AC6-BF19-A3AE7F683553}
[2011/06/08 15:27:47 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{7952ADCF-2718-4BA9-954D-4A1BE260D78D}
[2011/06/07 20:16:48 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{55AC0825-C39B-4529-9B47-F6F86D49CA48}
[2011/06/07 20:16:37 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{F7E8B8F8-1297-4038-AC5C-CAAC994C6BEE}
[2011/06/07 08:15:51 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{1790F184-E088-4AC6-B108-490B5AAE721F}
[2011/06/05 19:49:24 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{6093C674-A849-4980-A1CA-22091DC870D2}
[2011/06/04 22:38:34 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{E38091C0-A0B3-4063-A714-2A5B8580DBCF}
[2011/06/04 22:07:20 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{192DA1B2-1D41-49C2-86AB-15CE4B18F0DE}
[2011/06/04 09:25:27 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{890A8EBE-0DFE-4E90-B34E-4569C9187FC8}
[2011/06/03 11:08:00 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{3877D2CD-611A-4542-99A9-664C354E8566}
[2011/06/03 10:50:44 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{87FB3AA7-7028-4AE5-8DF6-06754B6DCEA8}
[2011/06/02 09:13:15 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{0BCE5243-DC28-4E57-9EDF-3CC302A740DE}
[2011/06/01 13:37:40 | 000,446,464 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\HHActiveX.dll
[2011/06/01 13:29:35 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{A7DF8AF5-1932-4CF8-8CB7-D20229D1E1D8}
[2011/05/31 21:57:18 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{A1F39953-9332-44C4-AE73-27A998A6A3D4}
[2011/05/30 12:33:35 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/05/30 12:24:26 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{D9750C27-2907-46E2-8D64-1DD53F9F4173}
[2011/05/30 11:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/05/30 11:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/05/30 11:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/05/30 11:26:40 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\SKIDROW
[2011/05/30 11:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011/05/30 10:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2011/05/29 16:21:29 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{0506D548-7DAD-4B70-8C8A-0E9E419F2F81}
[2011/05/28 10:53:55 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{F21277AA-A246-43B9-870D-7376F3732368}
[2011/05/27 21:31:55 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{31FC6DB3-B3C9-44D8-8E6C-5187149E5E85}
[2011/05/27 09:31:14 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{547FB673-7634-470D-9726-2B77C9D03558}
[2011/05/25 23:24:08 | 000,000,000 | ---D | C] -- C:\Users\Pippa\Documents\My Received Files
[2011/05/25 17:31:47 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{07B78C2E-61BB-47CB-AAD7-9318C8987BB6}
[2011/05/24 08:54:35 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{CA564964-3A04-4569-AE78-A81AFC3387D8}
[2011/05/20 23:57:58 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{C544C40C-2BB1-42AC-BBBE-B13C4516FCA1}
[2011/05/19 23:56:57 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{1E807D33-EE3D-4F02-9025-58DEE43B278B}
[2011/05/19 00:24:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX
[2011/05/19 00:24:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2011/05/19 00:24:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2011/05/19 00:24:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2011/05/19 00:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2011/05/19 00:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2011/05/19 00:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2011/05/19 00:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMSetup
[2011/05/19 00:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5200 series User Registration
[2011/05/19 00:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2011/05/19 00:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2011/05/19 00:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD-LabelPrint
[2011/05/19 00:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/05/19 00:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/05/18 23:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5200 series Manual
[2011/05/18 23:59:06 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2011/05/18 23:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5200 series
[2011/05/18 23:58:09 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/05/18 23:57:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2011/05/18 23:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2011/05/18 18:43:51 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{07BE8FAA-ED1B-4F82-9139-F7B335779F7B}
[2011/05/15 16:23:26 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{E59D5CE7-4A93-44D7-BB71-C89A39940E6E}
[2011/05/14 10:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yuna Software
[2011/05/14 10:40:39 | 000,000,000 | ---D | C] -- C:\Users\Pippa\AppData\Local\{EE2DA897-4D82-4821-AD17-22BE8A793F11}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/12 22:28:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/12 22:23:40 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011/06/12 22:21:34 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/12 22:21:34 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/12 22:14:23 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/12 22:13:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/12 22:13:43 | 3112,386,560 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/12 22:13:03 | 000,001,085 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011/06/12 22:08:21 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Pippa\Desktop\OTM.exe
[2011/06/12 22:05:48 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Pippa\Desktop\GooredFix.exe
[2011/06/12 21:50:36 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/11 12:39:37 | 000,000,632 | RHS- | M] () -- C:\Users\Pippa\ntuser.pol
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pippa\Desktop\TDSSKiller.exe
[2011/06/04 23:04:08 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/04 23:04:08 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/04 23:04:08 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/01 13:42:12 | 000,000,119 | ---- | M] () -- C:\Windows\NNS.INI
[2011/06/01 13:32:50 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/05/30 11:58:52 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2011/05/30 11:07:44 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/19 00:04:37 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011/05/19 00:00:57 | 000,002,361 | ---- | M] () -- C:\Users\Public\Desktop\Canon MG5200 series On-screen Manual.lnk
[2011/05/15 16:19:34 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011/05/14 10:41:50 | 000,001,202 | ---- | M] () -- C:\Users\Pippa\Desktop\Continue Messenger Plus! Installation.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/11 12:21:09 | 000,000,632 | RHS- | C] () -- C:\Users\Pippa\ntuser.pol
[2011/06/01 13:37:42 | 000,000,119 | ---- | C] () -- C:\Windows\NNS.INI
[2011/06/01 13:31:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/01 13:31:39 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/05/30 11:59:33 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011/05/30 11:58:52 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2011/05/30 11:07:44 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011/05/19 00:13:47 | 000,013,056 | ---- | C] () -- C:\Windows\SysWow64\CNC1749D.TBL
[2011/05/19 00:04:37 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011/05/19 00:00:57 | 000,002,361 | ---- | C] () -- C:\Users\Public\Desktop\Canon MG5200 series On-screen Manual.lnk
[2011/05/14 10:41:50 | 000,001,202 | ---- | C] () -- C:\Users\Pippa\Desktop\Continue Messenger Plus! Installation.lnk
[2010/11/30 02:05:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/05 00:44:24 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/08/05 00:44:24 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/08/05 00:44:24 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/08/05 00:44:24 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/08/05 00:44:24 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/08/05 00:44:24 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/08/05 00:44:24 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/08/05 00:44:24 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/08/05 00:44:24 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/08/05 00:44:24 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/08/05 00:44:24 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/08/05 00:44:24 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/08/05 00:44:24 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/08/05 00:44:24 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/08/05 00:44:24 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/08/05 00:44:24 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/08/05 00:44:24 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/08/05 00:44:24 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/08/05 00:44:24 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/07/30 11:49:48 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\FoxImager.dll
[2010/05/25 22:42:59 | 000,000,004 | ---- | C] () -- C:\Users\Pippa\AppData\Roaming\ovczpx.dat
[2010/05/25 21:18:19 | 000,722,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/25 08:26:46 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/02/25 08:03:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/28 05:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2011/05/02 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\Audacity
[2010/11/08 15:00:30 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/16 02:49:23 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\DAEMON Tools Lite
[2011/04/25 10:37:02 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/05/06 18:51:15 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\InfraRecorder
[2011/05/02 11:20:57 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\Leadertech
[2011/01/21 00:02:34 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\Local
[2010/05/25 21:19:51 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\NVD
[2011/02/27 23:16:00 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\Rovio
[2010/09/20 22:10:09 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\SoftGrid Client
[2010/10/20 10:38:59 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/05/13 00:19:25 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\Toshiba
[2010/05/25 21:19:11 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\TP
[2011/06/12 22:24:54 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\uTorrent
[2010/07/27 14:04:56 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\WildTangent
[2011/01/05 22:13:00 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\Windows Live Writer
[2010/12/22 00:58:02 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\Ylwami
[2010/12/22 00:29:42 | 000,000,000 | ---D | M] -- C:\Users\Pippa\AppData\Roaming\Ynem
[2011/05/15 16:19:34 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/05/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/02/07 09:55:18 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
maliprog
Posted 14 June 2011 - 03:04 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello LushiePippa and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.backup.ftp: "WifiProxy.harrow.ac.uk"
    FF - prefs.js..network.proxy.backup.ftp_port: 8080
    FF - prefs.js..network.proxy.backup.gopher: "WifiProxy.harrow.ac.uk"
    FF - prefs.js..network.proxy.backup.gopher_port: 8080
    FF - prefs.js..network.proxy.backup.socks: "WifiProxy.harrow.ac.uk"
    FF - prefs.js..network.proxy.backup.socks_port: 8080
    FF - prefs.js..network.proxy.backup.ssl: "WifiProxy.harrow.ac.uk"
    FF - prefs.js..network.proxy.backup.ssl_port: 8080
    FF - prefs.js..network.proxy.ftp: "WifiProxy.harrow.ac.uk"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.gopher: "WifiProxy.harrow.ac.uk"
    FF - prefs.js..network.proxy.gopher_port: 8080
    FF - prefs.js..network.proxy.http: "WifiProxy.harrow.ac.uk"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "WifiProxy.harrow.ac.uk"
    FF - prefs.js..network.proxy.socks_port: 8080
    FF - prefs.js..network.proxy.ssl: "WifiProxy.harrow.ac.uk"
    FF - prefs.js..network.proxy.ssl_port: 8080
    FF - prefs.js..network.proxy.type: 0
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [binupdt700max.exe] File not found
    O4 - HKCU..\Run: [EA Core] File not found
    O4 - HKCU..\Run: [smcnxoewra.exe] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\\ComboFix.txt log in your next reply.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#3
LushiePippa
Posted 14 June 2011 - 12:26 PM

LushiePippa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the OTL log. I realised though that the proxy is only the one I use for college, not at home, will this make any difference? I don't need it anymore as I have finished, so if it has removed it all, that is fine.

========== OTL ==========
Prefs.js: "WifiProxy.harrow.ac.uk" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "WifiProxy.harrow.ac.uk" removed from network.proxy.backup.gopher
Prefs.js: 8080 removed from network.proxy.backup.gopher_port
Prefs.js: "WifiProxy.harrow.ac.uk" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "WifiProxy.harrow.ac.uk" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "WifiProxy.harrow.ac.uk" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "WifiProxy.harrow.ac.uk" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "WifiProxy.harrow.ac.uk" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "WifiProxy.harrow.ac.uk" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "WifiProxy.harrow.ac.uk" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\binupdt700max.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\smcnxoewra.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Pippa\Downloads\cmd.bat deleted successfully.
C:\Users\Pippa\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.24.0 log created on 06142011_191901
  • 0

#4
LushiePippa
Posted 14 June 2011 - 01:43 PM

LushiePippa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ComboFix Log:

ComboFix 11-06-13.06 - Pippa 14/06/2011 19:33:24.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3958.2208 [GMT 1:00]
Running from: c:\users\Pippa\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Pippa\AppData\Local\{FA199514-5481-4A6F-AEE4-3AC4DBCD4FED}
c:\users\Pippa\AppData\Local\{FA199514-5481-4A6F-AEE4-3AC4DBCD4FED}\chrome.manifest
c:\users\Pippa\AppData\Local\{FA199514-5481-4A6F-AEE4-3AC4DBCD4FED}\chrome\content\_cfg.js
c:\users\Pippa\AppData\Local\{FA199514-5481-4A6F-AEE4-3AC4DBCD4FED}\chrome\content\overlay.xul
c:\users\Pippa\AppData\Local\{FA199514-5481-4A6F-AEE4-3AC4DBCD4FED}\install.rdf
c:\users\Pippa\AppData\Roaming\Local
c:\users\Pippa\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Pippa\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Pippa\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\Pippa\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Pippa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\users\Pippa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\xznfuxjtpjty.avi.ddp
c:\users\Pippa\AppData\Roaming\Local\Temp\DDM\Settings\xznfuxjtpjty.avi.ddr
.
.
((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-14 18:39 . 2011-06-14 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-14 18:29 . 2011-06-14 18:30 -------- d-----w- C:\32788R22FWJFW
2011-06-14 18:21 . 2011-06-14 18:21 -------- d-----w- c:\users\Pippa\AppData\Local\{820EFD06-CC57-41A2-92B9-92DFEE73BC50}
2011-06-14 18:19 . 2011-06-14 18:19 -------- d-----w- C:\_OTL
2011-06-14 10:07 . 2011-05-24 18:12 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BF4E5F5-DB63-4DD7-B264-A4965E9FC6C8}\mpengine.dll
2011-06-13 19:44 . 2011-06-13 19:44 -------- d-----w- c:\users\Pippa\AppData\Local\{42CCAE5A-9CEF-4969-B0CD-2A984A08AA40}
2011-06-13 05:31 . 2011-06-13 05:31 -------- d-----w- c:\users\Pippa\AppData\Local\{A9F7C07A-CD86-4704-9E7B-B03817A8DF06}
2011-06-12 15:13 . 2011-06-12 15:14 -------- d-----w- c:\users\Pippa\AppData\Local\{2D9A935A-8CD6-46B7-9495-9CABDA914FF2}
2011-06-12 07:18 . 2011-06-12 07:18 -------- d-----w- c:\users\Pippa\AppData\Local\{4F06067E-5CD3-418A-AFD5-8AA2C8894008}
2011-06-11 23:36 . 2011-06-11 23:36 -------- d-----w- c:\users\Pippa\AppData\Local\{3A25AE3B-E07A-4AF6-A8D6-4A23C46209D7}
2011-06-11 23:32 . 2011-06-11 23:32 -------- d-----w- c:\users\Pippa\AppData\Local\{4B744926-3C3C-455A-847E-15C0C65AF3AF}
2011-06-11 11:40 . 2011-06-11 11:41 -------- d-----w- c:\users\House
2011-06-11 11:15 . 2011-06-11 11:16 -------- d-----w- c:\users\Pippa\AppData\Local\{209BAA32-AA97-4328-B35D-99813E8F8FDD}
2011-06-09 21:24 . 2011-06-09 21:24 -------- d-----w- c:\users\Pippa\AppData\Local\{978AB4CF-9C88-4AC6-BF19-A3AE7F683553}
2011-06-08 14:27 . 2011-06-08 14:27 -------- d-----w- c:\users\Pippa\AppData\Local\{7952ADCF-2718-4BA9-954D-4A1BE260D78D}
2011-06-07 19:16 . 2011-06-07 19:17 -------- d-----w- c:\users\Pippa\AppData\Local\{55AC0825-C39B-4529-9B47-F6F86D49CA48}
2011-06-07 19:16 . 2011-06-07 19:16 -------- d-----w- c:\users\Pippa\AppData\Local\{F7E8B8F8-1297-4038-AC5C-CAAC994C6BEE}
2011-06-07 07:15 . 2011-06-07 07:15 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 07:15 . 2011-06-07 07:16 -------- d-----w- c:\users\Pippa\AppData\Local\{1790F184-E088-4AC6-B108-490B5AAE721F}
2011-06-05 18:49 . 2011-06-06 06:50 -------- d-----w- c:\users\Pippa\AppData\Local\{6093C674-A849-4980-A1CA-22091DC870D2}
2011-06-04 21:38 . 2011-06-04 21:38 -------- d-----w- c:\users\Pippa\AppData\Local\{E38091C0-A0B3-4063-A714-2A5B8580DBCF}
2011-06-04 21:07 . 2011-06-04 21:07 -------- d-----w- c:\users\Pippa\AppData\Local\{192DA1B2-1D41-49C2-86AB-15CE4B18F0DE}
2011-06-04 08:25 . 2011-06-04 08:25 -------- d-----w- c:\users\Pippa\AppData\Local\{890A8EBE-0DFE-4E90-B34E-4569C9187FC8}
2011-06-03 10:08 . 2011-06-03 10:08 -------- d-----w- c:\users\Pippa\AppData\Local\{3877D2CD-611A-4542-99A9-664C354E8566}
2011-06-03 09:50 . 2011-06-03 09:50 -------- d-----w- c:\users\Pippa\AppData\Local\{87FB3AA7-7028-4AE5-8DF6-06754B6DCEA8}
2011-06-02 08:13 . 2011-06-02 08:13 -------- d-----w- c:\users\Pippa\AppData\Local\{0BCE5243-DC28-4E57-9EDF-3CC302A740DE}
2011-06-01 12:37 . 1999-09-09 10:28 446464 ----a-w- c:\windows\SysWow64\HHActiveX.dll
2011-06-01 12:29 . 2011-06-01 12:29 -------- d-----w- c:\users\Pippa\AppData\Local\{A7DF8AF5-1932-4CF8-8CB7-D20229D1E1D8}
2011-05-31 20:57 . 2011-05-31 20:57 -------- d-----w- c:\users\Pippa\AppData\Local\{A1F39953-9332-44C4-AE73-27A998A6A3D4}
2011-05-30 11:33 . 2011-05-30 11:33 -------- d-----w- C:\VritualRoot
2011-05-30 11:24 . 2011-05-30 11:24 -------- d-----w- c:\users\Pippa\AppData\Local\{D9750C27-2907-46E2-8D64-1DD53F9F4173}
2011-05-30 10:58 . 2011-05-30 10:58 -------- d-----w- c:\program files\COMODO
2011-05-30 10:57 . 2011-05-30 13:56 -------- d-----w- c:\programdata\Comodo
2011-05-30 10:26 . 2011-05-30 10:26 -------- d-----w- c:\users\Pippa\AppData\Local\SKIDROW
2011-05-30 09:43 . 2011-05-30 09:43 -------- d-----w- c:\program files (x86)\Valve
2011-05-29 15:21 . 2011-05-29 15:21 -------- d-----w- c:\users\Pippa\AppData\Local\{0506D548-7DAD-4B70-8C8A-0E9E419F2F81}
2011-05-28 09:53 . 2011-05-28 09:54 -------- d-----w- c:\users\Pippa\AppData\Local\{F21277AA-A246-43B9-870D-7376F3732368}
2011-05-27 20:31 . 2011-05-27 20:32 -------- d-----w- c:\users\Pippa\AppData\Local\{31FC6DB3-B3C9-44D8-8E6C-5187149E5E85}
2011-05-27 08:31 . 2011-05-27 08:31 -------- d-----w- c:\users\Pippa\AppData\Local\{547FB673-7634-470D-9726-2B77C9D03558}
2011-05-25 16:40 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 16:31 . 2011-05-25 16:31 -------- d-----w- c:\users\Pippa\AppData\Local\{07B78C2E-61BB-47CB-AAD7-9318C8987BB6}
2011-05-24 07:54 . 2011-05-24 07:54 -------- d-----w- c:\users\Pippa\AppData\Local\{CA564964-3A04-4569-AE78-A81AFC3387D8}
2011-05-24 07:52 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 07:52 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-20 22:57 . 2011-05-20 22:58 -------- d-----w- c:\users\Pippa\AppData\Local\{C544C40C-2BB1-42AC-BBBE-B13C4516FCA1}
2011-05-19 22:56 . 2011-05-20 10:57 -------- d-----w- c:\users\Pippa\AppData\Local\{1E807D33-EE3D-4F02-9025-58DEE43B278B}
2011-05-18 23:24 . 2011-05-18 23:24 -------- d--h--w- c:\programdata\CanonIJSolutionMenuEX
2011-05-18 23:24 . 2011-05-18 23:24 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2011-05-18 23:24 . 2011-05-18 23:24 -------- d--h--w- c:\programdata\CanonEPP
2011-05-18 23:24 . 2011-05-18 23:24 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2011-05-18 23:16 . 2011-06-11 18:32 -------- d-----w- c:\programdata\CanonIJPLM
2011-05-18 23:14 . 2011-05-18 23:14 -------- d-----w- c:\programdata\Canon IJ Network Tool
2011-05-18 23:13 . 2010-03-18 18:25 307200 ----a-w- c:\windows\SysWow64\CNC5200L.dll
2011-05-18 23:13 . 2010-03-18 16:11 106496 ----a-w- c:\windows\SysWow64\CNC5200U.dll
2011-05-18 23:13 . 2008-08-25 17:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2011-05-18 23:12 . 2011-05-18 23:12 -------- d-----w- c:\programdata\CanonIJMSetup
2011-05-18 23:04 . 2011-05-18 23:04 -------- d-----w- c:\program files\Common Files\CANON
2011-05-18 23:04 . 2011-05-18 23:04 -------- d-----w- c:\programdata\CanonIJWSpt
2011-05-18 23:01 . 2011-05-18 23:01 -------- d-----w- c:\program files\Canon
2011-05-18 22:59 . 2010-04-07 04:00 87040 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAE.DLL
2011-05-18 22:59 . 2010-04-07 04:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAE.DLL
2011-05-18 22:59 . 2011-05-18 22:59 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-05-18 22:58 . 2010-04-07 04:00 361472 ----a-w- c:\windows\system32\CNMLMAE.DLL
2011-05-18 22:58 . 2010-03-10 23:57 248320 ----a-w- c:\windows\system32\CNMIUAE.DLL
2011-05-18 22:57 . 2011-05-18 22:57 -------- d-----w- c:\windows\system32\STRING
2011-05-18 22:57 . 2010-02-05 01:37 37376 ----a-w- c:\windows\system32\CNMN6UI.DLL
2011-05-18 22:57 . 2010-02-05 01:37 327680 ----a-w- c:\windows\system32\CNMN6PPM.DLL
2011-05-18 22:56 . 2011-05-18 23:24 -------- d-----w- c:\program files (x86)\Canon
2011-05-18 17:43 . 2011-05-18 17:44 -------- d-----w- c:\users\Pippa\AppData\Local\{07BE8FAA-ED1B-4F82-9139-F7B335779F7B}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 08:11 . 2010-09-18 18:52 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2010-09-18 18:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 18:14 . 2010-05-01 16:06 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-07 15:17 . 2011-05-07 15:17 92688 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-05-02 19:36 . 2011-05-02 19:36 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-02 19:36 . 2011-05-02 19:36 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-05-02 19:36 . 2011-05-02 19:36 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-02 19:36 . 2011-05-02 19:36 284744 ----a-w- c:\windows\SysWow64\guard32.dll
2011-05-02 19:36 . 2011-05-02 19:36 360976 ----a-w- c:\windows\system32\guard64.dll
2011-04-09 06:45 . 2011-05-11 17:22 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 17:22 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 17:22 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-06 15:26 . 2011-04-06 15:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:26 . 2011-04-06 15:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-25 03:23 . 2011-05-11 17:21 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:23 . 2011-05-11 17:21 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:23 . 2011-05-11 17:21 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:22 . 2011-05-11 17:21 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:22 . 2011-05-11 17:21 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:22 . 2011-05-11 17:21 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:22 . 2011-05-11 17:21 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 12:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 12:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe" [2009-08-12 6203296]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\House\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 135664]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 16:53]
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 16:53]
.
2011-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-04-30 11:22]
.
2011-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-04-30 11:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-10-15 1050000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-09 9057608]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D7274FD8-E90E-4952-8CFB-BB9468E8AEAF}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{D7274FD8-E90E-4952-8CFB-BB9468E8AEAF}\6514254414E4: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{D7274FD8-E90E-4952-8CFB-BB9468E8AEAF}\84162727F67734F6C6C6567656: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{E7189F16-F305-438F-B7E5-9680356C1BAD}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Pippa\AppData\Roaming\Mozilla\Firefox\Profiles\0sqc1yhz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.ftp -
FF - prefs.js: network.proxy.ftp_port -
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port -
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.socks -
FF - prefs.js: network.proxy.socks_port -
FF - prefs.js: network.proxy.ssl -
FF - prefs.js: network.proxy.ssl_port -
FF - prefs.js: network.proxy.type -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2011-06-14 19:48:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-14 18:48
.
Pre-Run: 42,588,229,632 bytes free
Post-Run: 42,238,779,392 bytes free
.
- - End Of File - - D124CBD71874171A7A831D8BA64F83C9
  • 0

#5
LushiePippa
Posted 14 June 2011 - 01:44 PM

LushiePippa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
aswMBR log:

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-14 20:23:57
-----------------------------
20:23:57.607 OS Version: Windows x64 6.1.7600
20:23:57.607 Number of processors: 4 586 0x2502
20:23:57.608 ComputerName: PIPPA-MEH UserName: Pippa
20:23:58.411 Initialize success
20:24:04.418 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:24:04.420 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 3
20:24:04.423 Disk 0 MBR read error 0
20:24:04.425 Disk 0 MBR scan
20:24:04.427 Disk 0 unknown MBR code
20:24:04.429 MBR BIOS signature not found 0
20:24:04.432 Service scanning
20:24:07.370 Disk 0 trace - called modules:
20:24:07.424 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spah.sys hal.dll
20:24:07.429 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006897060]
20:24:07.432 3 CLASSPNP.SYS[fffff88001b4443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a0d050]
20:24:07.435 Scan finished successfully
20:24:38.865 Disk 0 MBR has been saved successfully to "C:\Users\Pippa\Desktop\MBR.dat"
20:24:38.865 The log file has been saved successfully to "C:\Users\Pippa\Desktop\aswMBR.txt"
20:26:02.737 Disk 0 MBR has been saved successfully to "C:\Users\Pippa\Desktop\MBR.dat"
20:26:02.745 The log file has been saved successfully to "C:\Users\Pippa\Desktop\aswmbr log.txt"
  • 0

#6
LushiePippa
Posted 14 June 2011 - 03:11 PM

LushiePippa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Am I missing anything?
  • 0

#7
maliprog
Posted 14 June 2011 - 11:07 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi LushiePippa,

You did it all! How is your system now? Do you still get redirected?

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

  • 0

#8
LushiePippa
Posted 16 June 2011 - 03:33 AM

LushiePippa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I don't seem to be being redirected anymore, yay!

Here is the TDSSkiller log:

2011/06/16 10:31:53.0241 5524 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/16 10:31:54.0816 5524 ================================================================================
2011/06/16 10:31:54.0816 5524 SystemInfo:
2011/06/16 10:31:54.0816 5524
2011/06/16 10:31:54.0816 5524 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/16 10:31:54.0816 5524 Product type: Workstation
2011/06/16 10:31:54.0816 5524 ComputerName: PIPPA-MEH
2011/06/16 10:31:54.0816 5524 UserName: Pippa
2011/06/16 10:31:54.0816 5524 Windows directory: C:\Windows
2011/06/16 10:31:54.0816 5524 System windows directory: C:\Windows
2011/06/16 10:31:54.0816 5524 Running under WOW64
2011/06/16 10:31:54.0816 5524 Processor architecture: Intel x64
2011/06/16 10:31:54.0816 5524 Number of processors: 4
2011/06/16 10:31:54.0816 5524 Page size: 0x1000
2011/06/16 10:31:54.0816 5524 Boot type: Normal boot
2011/06/16 10:31:54.0816 5524 ================================================================================
2011/06/16 10:31:55.0399 5524 Initialize success
2011/06/16 10:32:09.0005 0852 ================================================================================
2011/06/16 10:32:09.0005 0852 Scan started
2011/06/16 10:32:09.0005 0852 Mode: Manual;
2011/06/16 10:32:09.0005 0852 ================================================================================
2011/06/16 10:32:10.0325 0852 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/16 10:32:10.0464 0852 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/16 10:32:10.0568 0852 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/16 10:32:10.0734 0852 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/16 10:32:10.0881 0852 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/16 10:32:11.0026 0852 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/16 10:32:11.0171 0852 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/06/16 10:32:11.0335 0852 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/06/16 10:32:11.0470 0852 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/16 10:32:11.0611 0852 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/16 10:32:11.0767 0852 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/16 10:32:11.0891 0852 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/16 10:32:12.0025 0852 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/16 10:32:12.0171 0852 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/06/16 10:32:12.0303 0852 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/16 10:32:12.0434 0852 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/06/16 10:32:12.0570 0852 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/16 10:32:12.0738 0852 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/16 10:32:12.0874 0852 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/16 10:32:13.0029 0852 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/16 10:32:13.0156 0852 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/16 10:32:13.0433 0852 atikmdag (c9f90fee4fdc829382b9130a92fb744c) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/16 10:32:13.0709 0852 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/16 10:32:13.0849 0852 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/16 10:32:13.0983 0852 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/16 10:32:14.0144 0852 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/16 10:32:14.0311 0852 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/16 10:32:14.0448 0852 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/16 10:32:14.0548 0852 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/16 10:32:14.0691 0852 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/16 10:32:14.0825 0852 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/16 10:32:14.0960 0852 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/16 10:32:15.0083 0852 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/16 10:32:15.0185 0852 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/16 10:32:15.0533 0852 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/16 10:32:15.0676 0852 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/16 10:32:15.0821 0852 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/16 10:32:15.0945 0852 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/16 10:32:16.0100 0852 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/16 10:32:16.0242 0852 cmderd (79e33c4c8719965a650955c139970841) C:\Windows\system32\DRIVERS\cmderd.sys
2011/06/16 10:32:16.0385 0852 cmdGuard (6ad70719603268981e37961aebbe0098) C:\Windows\system32\DRIVERS\cmdguard.sys
2011/06/16 10:32:16.0524 0852 cmdHlp (c11a9b345fb92c99463b1b5a4624a131) C:\Windows\system32\DRIVERS\cmdhlp.sys
2011/06/16 10:32:16.0641 0852 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/16 10:32:16.0778 0852 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/06/16 10:32:16.0921 0852 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/16 10:32:17.0055 0852 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/16 10:32:17.0201 0852 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/16 10:32:17.0359 0852 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/06/16 10:32:17.0494 0852 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/16 10:32:17.0635 0852 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/16 10:32:17.0789 0852 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/16 10:32:17.0950 0852 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/16 10:32:18.0146 0852 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/16 10:32:18.0378 0852 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/16 10:32:18.0542 0852 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/16 10:32:18.0698 0852 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/16 10:32:18.0807 0852 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/16 10:32:18.0945 0852 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/16 10:32:19.0089 0852 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/16 10:32:19.0185 0852 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/16 10:32:19.0317 0852 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/16 10:32:19.0411 0852 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/06/16 10:32:19.0550 0852 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/16 10:32:19.0646 0852 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/16 10:32:19.0782 0852 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/16 10:32:19.0913 0852 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/16 10:32:20.0062 0852 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/16 10:32:20.0239 0852 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/16 10:32:20.0371 0852 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/06/16 10:32:20.0503 0852 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/16 10:32:20.0632 0852 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/06/16 10:32:20.0731 0852 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/16 10:32:20.0829 0852 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/16 10:32:20.0960 0852 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/16 10:32:21.0084 0852 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/16 10:32:21.0253 0852 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/16 10:32:21.0386 0852 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/06/16 10:32:21.0485 0852 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/16 10:32:21.0621 0852 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/16 10:32:21.0732 0852 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/16 10:32:21.0897 0852 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/06/16 10:32:22.0029 0852 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/16 10:32:22.0184 0852 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
2011/06/16 10:32:22.0303 0852 inspect (df84ed3292a87521621b9fee4c0e07bb) C:\Windows\system32\DRIVERS\inspect.sys
2011/06/16 10:32:22.0491 0852 IntcAzAudAddService (59b0bba422f04467e8c89b7ce6ae95e1) C:\Windows\system32\drivers\RTKVHD64.sys
2011/06/16 10:32:22.0629 0852 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/16 10:32:22.0757 0852 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/16 10:32:22.0881 0852 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/16 10:32:23.0013 0852 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/16 10:32:23.0137 0852 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/16 10:32:23.0322 0852 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/16 10:32:23.0451 0852 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/16 10:32:23.0566 0852 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/16 10:32:23.0702 0852 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/16 10:32:23.0820 0852 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/16 10:32:23.0950 0852 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/16 10:32:24.0072 0852 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/16 10:32:24.0202 0852 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/16 10:32:24.0342 0852 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/16 10:32:24.0526 0852 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\Windows\system32\DRIVERS\LPCFilter.sys
2011/06/16 10:32:24.0665 0852 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/16 10:32:24.0798 0852 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/16 10:32:24.0922 0852 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/16 10:32:25.0044 0852 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/16 10:32:25.0144 0852 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/16 10:32:25.0412 0852 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
2011/06/16 10:32:25.0699 0852 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
2011/06/16 10:32:25.0979 0852 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/06/16 10:32:26.0086 0852 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/16 10:32:26.0208 0852 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/16 10:32:26.0356 0852 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
2011/06/16 10:32:26.0460 0852 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
2011/06/16 10:32:26.0605 0852 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/16 10:32:26.0737 0852 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/16 10:32:26.0852 0852 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/16 10:32:26.0977 0852 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/16 10:32:27.0106 0852 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/06/16 10:32:27.0237 0852 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys
2011/06/16 10:32:27.0370 0852 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/16 10:32:27.0478 0852 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/16 10:32:27.0576 0852 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/16 10:32:27.0697 0852 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/16 10:32:27.0813 0852 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/16 10:32:27.0926 0852 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/16 10:32:28.0082 0852 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/16 10:32:28.0193 0852 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/16 10:32:28.0342 0852 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/16 10:32:28.0468 0852 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/16 10:32:28.0567 0852 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/16 10:32:28.0711 0852 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/16 10:32:28.0845 0852 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/16 10:32:28.0978 0852 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/16 10:32:29.0086 0852 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/06/16 10:32:29.0193 0852 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/16 10:32:29.0310 0852 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/16 10:32:29.0412 0852 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/16 10:32:29.0513 0852 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/16 10:32:29.0658 0852 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/16 10:32:29.0811 0852 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/06/16 10:32:29.0941 0852 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/16 10:32:30.0069 0852 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/16 10:32:30.0194 0852 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/16 10:32:30.0304 0852 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/16 10:32:30.0423 0852 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/06/16 10:32:30.0571 0852 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/16 10:32:30.0684 0852 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/16 10:32:30.0853 0852 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/16 10:32:30.0981 0852 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/16 10:32:31.0085 0852 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/16 10:32:31.0248 0852 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/06/16 10:32:31.0355 0852 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/16 10:32:31.0480 0852 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/06/16 10:32:31.0626 0852 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/06/16 10:32:31.0728 0852 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/16 10:32:31.0846 0852 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/16 10:32:32.0041 0852 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/16 10:32:32.0144 0852 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/06/16 10:32:32.0254 0852 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/06/16 10:32:32.0417 0852 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/16 10:32:32.0533 0852 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/16 10:32:32.0650 0852 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/16 10:32:32.0771 0852 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/16 10:32:32.0945 0852 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
2011/06/16 10:32:33.0116 0852 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/16 10:32:33.0219 0852 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/16 10:32:33.0356 0852 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/16 10:32:33.0514 0852 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/16 10:32:33.0667 0852 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/16 10:32:33.0773 0852 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/16 10:32:33.0923 0852 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/16 10:32:34.0053 0852 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/16 10:32:34.0180 0852 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/16 10:32:34.0333 0852 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/16 10:32:34.0467 0852 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/16 10:32:34.0502 0852 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/16 10:32:34.0600 0852 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/16 10:32:34.0728 0852 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/16 10:32:34.0858 0852 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/16 10:32:34.0991 0852 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/16 10:32:35.0093 0852 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/06/16 10:32:35.0265 0852 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/06/16 10:32:35.0431 0852 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2011/06/16 10:32:35.0568 0852 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/16 10:32:35.0703 0852 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
2011/06/16 10:32:35.0862 0852 RTHDMIAzAudService (483c537e69fa97c77f7fe0e2e1c1f102) C:\Windows\system32\drivers\RtHDMIVX.sys
2011/06/16 10:32:36.0019 0852 RTL8167 (365ed58b47b46de8b1c5fa759b6fcd6e) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/06/16 10:32:36.0172 0852 RTL8187Se (3ec7911ed886dc5d8a9f70129254679c) C:\Windows\system32\DRIVERS\RTL8187Se.sys
2011/06/16 10:32:36.0386 0852 rtl8192se (a8ed9726734d403217a4861a6788b144) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/06/16 10:32:36.0506 0852 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/16 10:32:36.0626 0852 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/16 10:32:36.0775 0852 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/16 10:32:36.0945 0852 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/16 10:32:37.0083 0852 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/16 10:32:37.0328 0852 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/16 10:32:37.0462 0852 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/16 10:32:37.0640 0852 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/16 10:32:37.0796 0852 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/16 10:32:38.0063 0852 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/16 10:32:38.0231 0852 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/16 10:32:38.0381 0852 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/16 10:32:38.0491 0852 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/16 10:32:38.0637 0852 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/16 10:32:38.0897 0852 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/06/16 10:32:38.0897 0852 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/06/16 10:32:38.0927 0852 sptd - detected LockedFile.Multi.Generic (1)
2011/06/16 10:32:39.0122 0852 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/06/16 10:32:39.0268 0852 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/16 10:32:39.0405 0852 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/16 10:32:39.0554 0852 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/16 10:32:39.0796 0852 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/16 10:32:40.0041 0852 SynTP (e28ca52ecf8cb6eb04b34de440ba260e) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/16 10:32:40.0255 0852 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/06/16 10:32:40.0534 0852 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/16 10:32:40.0651 0852 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/16 10:32:40.0807 0852 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/06/16 10:32:40.0847 0852 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/16 10:32:40.0948 0852 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/16 10:32:41.0092 0852 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/16 10:32:41.0271 0852 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/16 10:32:41.0551 0852 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys
2011/06/16 10:32:41.0753 0852 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/16 10:32:41.0940 0852 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/16 10:32:42.0121 0852 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/06/16 10:32:42.0320 0852 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
2011/06/16 10:32:42.0427 0852 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/16 10:32:42.0588 0852 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/16 10:32:42.0704 0852 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/16 10:32:42.0878 0852 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/16 10:32:43.0027 0852 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/16 10:32:43.0255 0852 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/06/16 10:32:43.0423 0852 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/06/16 10:32:43.0616 0852 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/16 10:32:43.0791 0852 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/16 10:32:44.0026 0852 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
2011/06/16 10:32:44.0190 0852 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/16 10:32:44.0335 0852 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/06/16 10:32:44.0522 0852 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/16 10:32:44.0680 0852 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/16 10:32:44.0782 0852 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/16 10:32:44.0915 0852 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
2011/06/16 10:32:45.0100 0852 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/06/16 10:32:45.0267 0852 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/06/16 10:32:45.0404 0852 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/16 10:32:45.0547 0852 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/16 10:32:45.0585 0852 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/16 10:32:45.0722 0852 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/16 10:32:45.0910 0852 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/16 10:32:46.0045 0852 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/16 10:32:46.0174 0852 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/16 10:32:46.0328 0852 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/16 10:32:46.0517 0852 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/16 10:32:46.0633 0852 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/16 10:32:46.0737 0852 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/16 10:32:46.0863 0852 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/16 10:32:47.0011 0852 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/16 10:32:47.0044 0852 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/16 10:32:47.0236 0852 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/16 10:32:47.0367 0852 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/16 10:32:47.0574 0852 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/16 10:32:47.0689 0852 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/16 10:32:47.0894 0852 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/16 10:32:48.0056 0852 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/16 10:32:48.0211 0852 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/16 10:32:48.0363 0852 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/16 10:32:48.0603 0852 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/16 10:32:48.0711 0852 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/16 10:32:48.0732 0852 MBR (0x1B8) (11a7c28e7f9aea782cb41103682d7898) \Device\Harddisk1\DR1
2011/06/16 10:32:48.0912 0852 ================================================================================
2011/06/16 10:32:48.0912 0852 Scan finished
2011/06/16 10:32:48.0912 0852 ================================================================================
2011/06/16 10:32:48.0923 5776 Detected object count: 1
2011/06/16 10:32:48.0923 5776 Actual detected object count: 1
2011/06/16 10:32:52.0375 5776 LockedFile.Multi.Generic(sptd) - User select action: Skip
  • 0

#9
maliprog
Posted 16 June 2011 - 03:44 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Great news :)! Any problems now?
  • 0

#10
LushiePippa
Posted 16 June 2011 - 05:48 AM

LushiePippa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I don't think so! Thankyou very much. Seeing as both comodo and malwarebytes didn't pick up on it, are there any other antivirus programmes I should use instead?
  • 0

Advertisements

#11
maliprog
Posted 16 June 2011 - 05:57 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Comodo and Malwarebytes are fine but they are not build for this kind of infection. This is pretty specific infection and that is why we used specialized tools for it.

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#12
LushiePippa
Posted 16 June 2011 - 08:55 AM

LushiePippa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
For some reason I keep getting errors saying that I can't download either the TFC or the update checker because "(file) could not be saved, because you cannot change the contents of that folder. Change folder properties again, or try saving in a different location."

I changed the location and it still came up with the same error... Very confused!

When I check the properties of the folder, it says 'read only', but even when I un-check it and re open the folder, it is read only again! Could this be related to the virus?

Edited by LushiePippa, 16 June 2011 - 09:01 AM.

  • 0

#13
maliprog
Posted 16 June 2011 - 09:59 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
This problem is usually system problem.

Microsoft explanation:
Unlike the Read-only attribute for a file, the Read-only attribute for a folder is typically ignored by Windows, Windows components and accessories, and other programs. For example, you can delete, rename, and change a folder with the Read-only attribute by using Windows Explorer. The Read-only and System attributes is only used by Windows Explorer to determine whether the folder is a special folder, such as a system folder that has its view customized by Windows (for example, My Documents, Favorites, Fonts, Downloaded Program Files), or a folder that you customized by using the Customize tab of the folder's Properties dialog box. As a result, Windows Explorer does not allow you to view or change the Read-only or System attributes of folders.

First:

  • Please try to copy and past any file to that folder. This should work...
  • Try to use different browser

Then:

  • Go to Start -> My Computer
  • Right click on C: disk and clik on Properties
  • Click on tab Tools and click on Check now... button
  • Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
  • Click Start button
  • Confirm schedule disk check next time computer starts with Yes button
  • Restart your system and wait while system checks your disk for errors

  • 0

#14
LushiePippa
Posted 17 June 2011 - 01:43 PM

LushiePippa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I was able to copy and paste into the folder, and trying a different browser also worked.

I then did the error check thing and nothing seemed to change... I still seem to have the same problem! But only with certain files - all the downloads in your previous post about the TFC and update checker didn't work, yet if I go to download OFT again, it's fine.

Very strange!
  • 0

#15
maliprog
Posted 17 June 2011 - 02:57 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi LushiePippa,

By your error message you have problem with Firefox. Can you try steps described in This Article

Let me know the results.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP