Vista internet security 2012 infection on laptop


#1
Epsilon
Member, 63 posts
Hi, I'm trying to find some assistance to help fix this issue for my dad; it's his laptop (note: he doesn't like to keep things up to date on it: Windows updates, Java, Adobe, Avira, Malwarebytes, or run scans at least once a week). I've done some searching of the same infection on geekstogo.com and everything is similar, except we can still get into the internet once in a while without it popping up in our face. But it does like to pop up quite often. I have tried to run a scan with Avira, and Malwarebytes (full scan), and got one thing from Malwarebytes, but I don't believe it had relevance to the current infection. Look forward to anybody who can assist, thanks. OTL log:


OTL logfile created on: 07/07/2011 12:04:50 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\bill\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 49.66% Memory free
5.95 Gb Paging File | 4.26 Gb Available in Paging File | 71.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.33 Gb Total Space | 143.93 Gb Free Space | 66.53% Space Free | Partition Type: NTFS
Drive D: | 7.59 Gb Total Space | 7.53 Gb Free Space | 99.14% Space Free | Partition Type: NTFS

Computer Name: BILL-PC | User Name: bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/07 11:32:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\bill\Desktop\OTL.exe
PRC - [2011/07/02 12:59:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/29 20:19:00 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/26 15:20:07 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/03 20:14:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009/03/17 09:59:42 | 000,239,216 | ---- | M] () -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/03 23:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2007/01/09 01:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (SafeList) ==========

MOD - [2011/07/07 11:32:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\bill\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/04/11 01:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2008/01/20 21:49:15 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2006/11/02 04:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2006/11/02 04:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/04/24 18:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/02/06 13:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/10 22:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 17:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2011/07/02 12:59:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/29 20:19:00 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/28 18:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/03 23:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/02 12:59:08 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/02 12:59:08 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/29 07:19:28 | 000,028,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/08/14 10:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/07/29 05:05:00 | 001,146,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/07/18 18:52:16 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/06/23 10:50:32 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/06/12 05:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/28 16:59:26 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/04/17 13:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/15 19:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/02/29 01:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/12/20 16:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKCU..\Run: [2593569234] C:\Users\bill\AppData\Local\mss.exe ()
O4 - HKCU..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.254 142.161.130.155
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\wallpapers\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\wallpapers\wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ed05ad71-14ce-11de-a082-001e33965470}\Shell\AutoRun\command - "" = F:\Bin\ASSETUP.exe
O33 - MountPoints2\{ed05ad74-14ce-11de-a082-001e33965470}\Shell - "" = AutoRun
O33 - MountPoints2\{ed05ad74-14ce-11de-a082-001e33965470}\Shell\AutoRun\command - "" = G:\DTSP_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 11:32:35 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\bill\Desktop\OTL.exe
[2011/07/07 11:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/07/06 22:17:33 | 000,000,000 | ---D | C] -- C:\Users\bill\Desktop\tdsskiller
[1 C:\Users\bill\AppData\Local\*.tmp files -> C:\Users\bill\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/07 12:01:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 11:32:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\bill\Desktop\OTL.exe
[2011/07/07 11:13:28 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/07 11:13:28 | 000,609,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/07 11:13:28 | 000,108,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/07 11:06:43 | 000,010,812 | -HS- | M] () -- C:\ProgramData\11go6d27ds5ex408l84cxdc12o1k5275217oh5c186
[2011/07/07 11:06:42 | 000,010,812 | -HS- | M] () -- C:\Users\bill\AppData\Local\11go6d27ds5ex408l84cxdc12o1k5275217oh5c186
[2011/07/07 11:06:21 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/07 11:06:02 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/07 11:06:02 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/07 11:05:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/07 11:05:50 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/06 23:03:15 | 000,000,732 | ---- | M] () -- C:\Users\bill\AppData\Local\d3d9caps64.dat
[2011/07/06 22:56:41 | 000,000,680 | ---- | M] () -- C:\Users\bill\AppData\Local\d3d9caps.dat
[2011/07/06 22:10:18 | 001,327,397 | ---- | M] () -- C:\Users\bill\Desktop\tdsskiller.zip
[2011/07/06 21:51:07 | 000,327,680 | ---- | M] () -- C:\Users\bill\AppData\Local\mss.exe
[2011/07/02 12:59:08 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/07/02 12:59:08 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/07/01 10:15:03 | 000,328,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\bill\AppData\Local\*.tmp files -> C:\Users\bill\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/07 01:50:50 | 3082,809,344 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/06 22:10:18 | 001,327,397 | ---- | C] () -- C:\Users\bill\Desktop\tdsskiller.zip
[2011/07/06 21:51:46 | 000,010,812 | -HS- | C] () -- C:\Users\bill\AppData\Local\11go6d27ds5ex408l84cxdc12o1k5275217oh5c186
[2011/07/06 21:51:46 | 000,010,812 | -HS- | C] () -- C:\ProgramData\11go6d27ds5ex408l84cxdc12o1k5275217oh5c186
[2011/07/06 21:51:07 | 000,327,680 | ---- | C] () -- C:\Users\bill\AppData\Local\mss.exe
[2011/04/03 19:44:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Chorus
[2011/04/03 19:44:48 | 000,000,268 | RH-- | C] () -- C:\Users\bill\AppData\Roaming\CMMs
[2011/04/03 19:44:48 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Chiller
[2011/04/03 19:44:48 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Channel
[2011/04/03 19:44:48 | 000,000,268 | RH-- | C] () -- C:\Users\bill\AppData\Roaming\Calibrators
[2011/04/03 19:44:48 | 000,000,268 | RH-- | C] () -- C:\Users\bill\AppData\Roaming\Caches
[2011/04/03 19:44:48 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/04/03 19:44:48 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/04/03 19:44:48 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/07/21 08:03:31 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/07/21 08:02:42 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/07/21 08:02:30 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/12 12:50:55 | 000,000,000 | RHS- | C] () -- C:\Windows\FFSSET.BIN
[2009/08/12 12:34:26 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/08/12 12:34:26 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/04/04 12:59:42 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/04/04 12:59:41 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/04/04 12:58:18 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2009/04/04 12:58:18 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/04/04 12:58:18 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009/04/04 11:13:39 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/03/19 16:52:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/18 21:30:37 | 000,009,216 | ---- | C] () -- C:\Users\bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/17 11:03:59 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/17 07:39:44 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/03/17 07:39:44 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/03/17 07:39:44 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/03/17 07:39:44 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/03/17 07:39:44 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/03/17 07:39:44 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/03/17 07:24:38 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2009/03/17 07:24:38 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2009/03/17 07:24:38 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2009/03/17 07:23:04 | 000,000,680 | ---- | C] () -- C:\Users\bill\AppData\Local\d3d9caps.dat
[2009/03/17 07:22:20 | 000,000,732 | ---- | C] () -- C:\Users\bill\AppData\Local\d3d9caps64.dat
[2008/07/10 21:23:59 | 002,192,024 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/07/10 21:23:56 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/07/10 21:23:53 | 000,492,496 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/07/10 20:53:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/04/03 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\Nikon
[2010/02/06 17:36:23 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\toshiba
[2011/02/05 19:14:27 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\Ulead Systems
[2010/02/21 13:42:16 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\WildTangent
[2011/07/06 22:10:39 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
RKinner
Malware Expert, 20,031 posts, MVP
1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.
7. Reboot your computer.

Copy the text between the lines of stars by highlighting it and pressing Ctrl + C.


********************************************************************
:processes
killallprocesses

:OTL
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKCU..\Run: [2593569234] C:\Users\bill\AppData\Local\mss.exe ()
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKLM..\RunOnceEx: [] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O33 - MountPoints2\{ed05ad71-14ce-11de-a082-001e33965470}\Shell\AutoRun\command - "" = F:\Bin\ASSETUP.exe
O33 - MountPoints2\{ed05ad74-14ce-11de-a082-001e33965470}\Shell - "" = AutoRun
O33 - MountPoints2\{ed05ad74-14ce-11de-a082-001e33965470}\Shell\AutoRun\command - "" = G:\DTSP_Launcher.exe
[2011/07/07 11:06:43 | 000,010,812 | -HS- | M] () -- C:\ProgramData\11go6d27ds5ex408l84cxdc12o1k5275217oh5c186
[2011/07/07 11:06:42 | 000,010,812 | -HS- | M] () -- C:\Users\bill\AppData\Local\11go6d27ds5ex408l84cxdc12o1k5275217oh5c186
[2011/07/07 11:06:21 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Users\bill\AppData\Local\*.exe

:Commands
[purity]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator, then follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

You must first uninstall AVG before running ComboFix, then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it yet.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and select Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive; please copy and paste its contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right-click aswMBR.exe and select Run As Administrator to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.




Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right-clicking and selecting Run As Administrator. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Ron
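As an added example (not OTL, Malwarebytes or Ron's fix script), here is a small Python triage script that parses the two log formats quoted in this thread, the OTL "O4" autostart lines from the fix above and the Malwarebytes "Registry ... Infected" lines posted later, and flags the pattern the fix targets: an executable with no publisher information running from AppData\Local, registered under a random numeric Run name and wired into the Internet Explorer launch path. The sample lines are constructed from entries quoted in the thread; the directory list, severity labels and the "two mechanisms" threshold are my own assumptions.

```python
"""Triage helper for OTL 'O4' autorun lines and Malwarebytes registry findings.

Added example for this thread; not part of OTL, Malwarebytes or the helper's
fix script.  SAMPLE_LOG is constructed from the entries quoted in the thread.
"""
import re

# Per-user data directories (assumption): legitimate Run entries rarely
# launch from here, while rogue "security suites" drop their loader there.
USER_WRITABLE_DIRS = ("\\appdata\\local\\", "\\programdata\\", "\\temp\\")

# OTL:  O4 - HKCU..\Run: [name] C:\path\file.exe (Publisher)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<value>.*)$")
# MBAM: HKEY_...\(default) (Signature) -> detail -> action
MBAM_RE = re.compile(
    r"^(?P<key>HKEY_\S+) \((?P<sig>[^)]+)\) -> (?P<detail>.*) -> (?P<action>.+)$")
BAD_PATH_RE = re.compile(r'Bad: \("?([^"]*?\.exe)"?', re.IGNORECASE)

SAMPLE_LOG = [  # constructed from lines quoted in this thread
    r"O4 - HKCU..\Run: [2593569234] C:\Users\bill\AppData\Local\mss.exe ()",
    r"O4 - HKCU..\Run: [TOSCDSPD] File not found",
    r"O4 - HKLM..\RunOnceEx: [] File not found",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.",
    r'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\bill\AppData\Local\mss.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.',
    r"Memory Processes Infected: 0",  # not a finding line; must be ignored
]


def classify_o4(line):
    """Parse one OTL O4 line; return a finding dict, or None if it is not O4."""
    m = O4_RE.match(line)
    if not m:
        return None
    value = m.group("value").strip()
    # OTL appends the publisher in parentheses; a bare "()" means none known.
    path = re.sub(r"\s*\([^)]*\)$", "", value)
    reasons = []
    if path.lower() == "file not found":
        reasons.append("orphaned entry (target missing)")
        severity = "low"
    else:
        if any(d in path.lower() for d in USER_WRITABLE_DIRS):
            reasons.append("launches from a user-writable data directory")
        if value.endswith("()"):
            reasons.append("no publisher information")
        if m.group("name").isdigit():
            reasons.append("random numeric value name")
        severity = "high" if reasons else "info"
    return {"source": "OTL", "mechanism": f"{m.group('hive')}\\{m.group('key')}",
            "path": path, "reasons": reasons, "severity": severity}


def classify_mbam(line):
    """Parse one Malwarebytes registry finding; return a finding dict or None."""
    m = MBAM_RE.match(line)
    if not m:
        return None
    sig = m.group("sig")
    bad = BAD_PATH_RE.search(m.group("detail"))  # executable the key now points at
    reasons = [f"Malwarebytes signature {sig}"]
    if sig.startswith("Hijack."):
        reasons.append("registry redirect of a trusted launch path")
    return {"source": "Malwarebytes", "mechanism": m.group("key"),
            "path": bad.group(1) if bad else None, "reasons": reasons,
            "severity": "high" if sig.startswith("Hijack.") else "medium",
            "action": m.group("action").strip()}


def triage(lines):
    """Run both parsers over raw log lines and return the findings in order."""
    findings = []
    for raw in lines:
        f = classify_o4(raw.strip()) or classify_mbam(raw.strip())
        if f:
            findings.append(f)
    return findings


def loaders(findings):
    """Executables implicated by two or more high-severity mechanisms.

    A file that is both a Run-key autostart and the target of a browser launch
    redirect is the loader to quarantine; orphaned entries never qualify."""
    by_path = {}
    for f in findings:
        if f["severity"] == "high" and f["path"]:
            entry = by_path.setdefault(f["path"].lower(),
                                       {"path": f["path"], "mechanisms": set()})
            entry["mechanisms"].add(f["mechanism"])
    return {e["path"] for e in by_path.values() if len(e["mechanisms"]) >= 2}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f['severity']:>4}] {f['source']:<12} {f['mechanism']}")
        print(f"       {f['path']}  --  {'; '.join(f['reasons'])}")
    print("loader(s) to quarantine:", sorted(loaders(found)))
```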

#3
Epsilon (Topic Starter, Member, 63 posts)
Thanks for your reply. Sorry, I was busy yesterday, but I went through all the steps today; here are all the logs you requested in the process. Also, on the aswMBR scan the button was not highlighted after finishing the scan. I hope you don't mind that I put all the logs in code tags; I thought it would be easier to read.

Malwarebytes log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7060

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

09/07/2011 5:03:55 PM
mbam-log-2011-07-09 (17-03-46).txt

Scan type: Quick scan
Objects scanned: 187524
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\bill\AppData\Local\mss.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Combofix log
ComboFix 11-07-09.02 - bill 09/07/2011  17:25:22.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.2939.1772 [GMT -5:00]
Running from: c:\users\bill\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\no
c:\windows\system32\SV
.
.
(((((((((((((((((((((((((   Files Created from 2011-06-09 to 2011-07-09  )))))))))))))))))))))))))))))))
.
.
2011-07-09 22:32 . 2011-07-09 22:34	--------	d-----w-	c:\users\bill\AppData\Local\temp
2011-07-09 22:16 . 2011-07-09 22:22	--------	d-----w-	C:\32788R22FWJFW
2011-07-09 21:55 . 2011-05-29 14:11	39984	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-09 21:55 . 2011-07-09 21:55	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-09 21:49 . 2011-07-09 21:49	--------	d-----w-	C:\_OTL
2011-07-07 16:29 . 2011-07-07 16:29	--------	d-----w-	c:\program files (x86)\ESET
2011-07-02 14:39 . 2011-07-02 14:39	0	---ha-w-	c:\users\bill\AppData\Local\BIT1A55.tmp
2011-06-29 21:47 . 2011-04-29 16:15	344576	----a-w-	c:\windows\system32\schannel.dll
2011-06-29 21:47 . 2011-04-29 15:59	276992	----a-w-	c:\windows\SysWow64\schannel.dll
2011-06-24 20:24 . 2010-12-20 16:59	847360	----a-w-	c:\windows\system32\oleaut32.dll
2011-06-24 20:24 . 2010-12-20 16:35	563712	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-06-24 20:24 . 2011-04-29 13:41	176128	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-06-24 20:24 . 2011-04-29 13:40	145920	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-06-24 20:24 . 2011-04-21 14:20	405504	----a-w-	c:\windows\system32\drivers\afd.sys
2011-06-24 20:24 . 2011-04-30 06:22	1027584	----a-w-	c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-24 20:24 . 2011-04-30 06:09	758784	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-24 20:24 . 2011-04-29 13:39	275456	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-24 20:24 . 2011-05-02 12:02	2409784	----a-w-	c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-06-24 20:24 . 2011-05-02 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-06-24 20:24 . 2011-04-29 13:39	135680	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-06-24 20:24 . 2011-04-29 13:39	107008	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-06-24 20:22 . 2011-04-14 15:14	97792	----a-w-	c:\windows\system32\drivers\dfsc.sys
2011-06-24 20:14 . 2011-05-02 17:16	739328	----a-w-	c:\windows\SysWow64\inetcomm.dll
2011-06-24 20:14 . 2011-05-02 17:13	975360	----a-w-	c:\windows\system32\inetcomm.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-02 17:59 . 2010-07-21 14:00	88288	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-07-02 17:59 . 2010-07-21 14:00	123784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-05-29 14:11 . 2010-07-21 14:23	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-04-04 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 175104]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 84992]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 181784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.100.254 142.161.130.155
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
.
**************************************************************************
.
Completion time: 2011-07-09  17:40:37 - machine was rebooted
ComboFix-quarantined-files.txt  2011-07-09 22:40
.
Pre-Run: 154,971,123,712 bytes free
Post-Run: 154,949,304,320 bytes free
.
- - End Of File - - F8811615459937B7A9F7691DE29503B0

TDSSKiller Log
2011/07/09 17:45:18.0034 4660	TDSS rootkit removing tool 2.5.9.0 Jul  1 2011 18:45:21
2011/07/09 17:45:18.0471 4660	================================================================================
2011/07/09 17:45:18.0471 4660	SystemInfo:
2011/07/09 17:45:18.0471 4660	
2011/07/09 17:45:18.0471 4660	OS Version: 6.0.6002 ServicePack: 2.0
2011/07/09 17:45:18.0471 4660	Product type: Workstation
2011/07/09 17:45:18.0471 4660	ComputerName: BILL-PC
2011/07/09 17:45:18.0471 4660	UserName: bill
2011/07/09 17:45:18.0471 4660	Windows directory: C:\Windows
2011/07/09 17:45:18.0471 4660	System windows directory: C:\Windows
2011/07/09 17:45:18.0471 4660	Running under WOW64
2011/07/09 17:45:18.0471 4660	Processor architecture: Intel x64
2011/07/09 17:45:18.0471 4660	Number of processors: 2
2011/07/09 17:45:18.0471 4660	Page size: 0x1000
2011/07/09 17:45:18.0471 4660	Boot type: Normal boot
2011/07/09 17:45:18.0471 4660	================================================================================
2011/07/09 17:45:18.0923 4660	Initialize success
2011/07/09 17:45:33.0931 3280	================================================================================
2011/07/09 17:45:33.0931 3280	Scan started
2011/07/09 17:45:33.0931 3280	Mode: Manual; 
2011/07/09 17:45:33.0931 3280	================================================================================
2011/07/09 17:45:44.0476 3280	Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/07/09 17:45:44.0539 3280	msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/07/09 17:45:44.0632 3280	MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/09 17:45:44.0648 3280	MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/09 17:45:44.0679 3280	MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/07/09 17:45:44.0788 3280	MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/07/09 17:45:44.0866 3280	mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/09 17:45:44.0897 3280	MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/07/09 17:45:44.0944 3280	Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/07/09 17:45:45.0069 3280	NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/09 17:45:45.0147 3280	NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/07/09 17:45:45.0241 3280	NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/09 17:45:45.0287 3280	Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/09 17:45:45.0350 3280	NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/09 17:45:45.0381 3280	NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/07/09 17:45:45.0443 3280	NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/09 17:45:45.0537 3280	netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/09 17:45:45.0646 3280	nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/07/09 17:45:45.0724 3280	Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/07/09 17:45:45.0787 3280	nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/09 17:45:45.0865 3280	Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/07/09 17:45:45.0974 3280	Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/07/09 17:45:46.0021 3280	nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/07/09 17:45:46.0036 3280	nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/07/09 17:45:46.0083 3280	nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/07/09 17:45:46.0099 3280	ohci1394        (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
2011/07/09 17:45:46.0192 3280	Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/07/09 17:45:46.0255 3280	partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/07/09 17:45:46.0301 3280	pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/07/09 17:45:46.0364 3280	pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/09 17:45:46.0395 3280	pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/07/09 17:45:46.0457 3280	PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/07/09 17:45:46.0629 3280	PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/09 17:45:46.0660 3280	Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/07/09 17:45:46.0738 3280	PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/09 17:45:46.0801 3280	ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/07/09 17:45:46.0863 3280	ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/07/09 17:45:46.0910 3280	QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/09 17:45:46.0941 3280	RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/09 17:45:47.0035 3280	Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/09 17:45:47.0066 3280	RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/09 17:45:47.0097 3280	RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/09 17:45:47.0144 3280	rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/09 17:45:47.0175 3280	RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/09 17:45:47.0222 3280	rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/07/09 17:45:47.0237 3280	RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/09 17:45:47.0300 3280	RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/07/09 17:45:47.0393 3280	rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/09 17:45:47.0456 3280	RTL8169         (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
2011/07/09 17:45:47.0534 3280	RTSTOR          (ed619c32ce98909614bf2bc4d9ad3fc6) C:\Windows\system32\drivers\RTSTOR64.SYS
2011/07/09 17:45:47.0596 3280	sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/09 17:45:47.0877 3280	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/09 17:45:48.0002 3280	Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/07/09 17:45:48.0111 3280	Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/07/09 17:45:48.0158 3280	sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/07/09 17:45:48.0205 3280	sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/07/09 17:45:48.0236 3280	sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/09 17:45:48.0251 3280	sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/09 17:45:48.0283 3280	sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/07/09 17:45:48.0329 3280	SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/07/09 17:45:48.0361 3280	SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/07/09 17:45:48.0439 3280	Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/07/09 17:45:48.0563 3280	spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/07/09 17:45:48.0641 3280	srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/07/09 17:45:48.0719 3280	srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/09 17:45:48.0766 3280	srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/09 17:45:48.0891 3280	StillCam        (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
2011/07/09 17:45:48.0969 3280	swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/09 17:45:49.0047 3280	Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/07/09 17:45:49.0063 3280	Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/07/09 17:45:49.0094 3280	Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/07/09 17:45:49.0172 3280	SynTP           (d8edb37f6e235a47e12f1eafd85c2b6f) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/09 17:45:49.0297 3280	Tcpip           (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/07/09 17:45:49.0421 3280	Tcpip6          (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/09 17:45:49.0484 3280	tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/09 17:45:49.0531 3280	tdcmdpst        (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/07/09 17:45:49.0593 3280	TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/07/09 17:45:49.0624 3280	TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/07/09 17:45:49.0671 3280	tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/09 17:45:49.0765 3280	TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/09 17:45:49.0936 3280	tos_sps64       (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys
2011/07/09 17:45:50.0077 3280	tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/09 17:45:50.0123 3280	tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/09 17:45:50.0170 3280	tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/09 17:45:50.0279 3280	TVALZ           (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/07/09 17:45:50.0311 3280	uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/07/09 17:45:50.0373 3280	udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/09 17:45:50.0451 3280	uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/09 17:45:50.0545 3280	uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/07/09 17:45:50.0560 3280	UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/07/09 17:45:50.0591 3280	ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/07/09 17:45:50.0669 3280	umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/09 17:45:50.0732 3280	usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/09 17:45:50.0763 3280	usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/07/09 17:45:50.0825 3280	usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/09 17:45:50.0841 3280	usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/09 17:45:50.0872 3280	usbohci         (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/07/09 17:45:50.0935 3280	usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/09 17:45:51.0059 3280	USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/09 17:45:51.0137 3280	usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/09 17:45:51.0184 3280	usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/09 17:45:51.0247 3280	UVCFTR          (060b7863943625e0193a3575c0c59e52) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2011/07/09 17:45:51.0325 3280	vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/09 17:45:51.0371 3280	VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/07/09 17:45:51.0403 3280	viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/07/09 17:45:51.0543 3280	volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/07/09 17:45:51.0605 3280	volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/07/09 17:45:51.0668 3280	volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/07/09 17:45:51.0730 3280	vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/07/09 17:45:51.0793 3280	WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/07/09 17:45:51.0886 3280	Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/09 17:45:51.0917 3280	Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/09 17:45:52.0027 3280	Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/07/09 17:45:52.0136 3280	Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/09 17:45:52.0448 3280	WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/09 17:45:52.0541 3280	WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/09 17:45:52.0573 3280	ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/09 17:45:52.0651 3280	WSDPrintDevice  (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/07/09 17:45:52.0697 3280	WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/09 17:45:52.0760 3280	MBR (0x1B8)     (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
2011/07/09 17:45:52.0791 3280	Boot (0x1200)   (922d3e21995cf02f6d64956997a4bc1b) \Device\Harddisk0\DR0\Partition0
2011/07/09 17:45:52.0838 3280	Boot (0x1200)   (1f5a85781b3d0aaed61801302f69b19f) \Device\Harddisk0\DR0\Partition1
2011/07/09 17:45:52.0853 3280	================================================================================
2011/07/09 17:45:52.0853 3280	Scan finished
2011/07/09 17:45:52.0853 3280	================================================================================
2011/07/09 17:45:52.0869 4052	Detected object count: 0
2011/07/09 17:45:52.0869 4052	Actual detected object count: 0
2011/07/09 17:46:41.0252 4952	Deinitialize success

aswMBR log
aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-09 17:47:36
-----------------------------
17:47:36.035    OS Version: Windows x64 6.0.6002 Service Pack 2
17:47:36.035    Number of processors: 2 586 0xF0D
17:47:36.035    ComputerName: BILL-PC  UserName: bill
17:47:37.345    Initialize success
17:48:10.547    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:48:10.547    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
17:48:10.594    Disk 0 MBR read successfully
17:48:10.609    Disk 0 MBR scan
17:48:10.609    Disk 0 unknown MBR code
17:48:10.609    Service scanning
17:48:11.935    Disk 0 trace - called modules:
17:48:11.982    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
17:48:11.982    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004edd790]
17:48:11.982    3 CLASSPNP.SYS[fffffa6000fd3c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003295050]
17:48:11.998    Scan finished successfully
17:48:55.953    Disk 0 MBR has been saved successfully to "C:\Users\bill\Desktop\MBR.dat"
17:48:55.953    The log file has been saved successfully to "C:\Users\bill\Desktop\aswMBR.txt"



MBRCheck log
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer:	TOSHIBA
BIOS Manufacturer:		INSYDE
System Manufacturer:		TOSHIBA
System Product Name:		Satellite L350
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 148):

Processes (total 84):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000036`73000000  (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-26UST0, Rev: 01.01A01

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

Edited by Epsilon, 09 July 2011 - 04:58 PM.

  • 0

#4 RKinner (Malware Expert, MVP, 20,031 posts)
You missed a step in Malware Bytes AntiMalware:

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

Run it again and make sure you Remove Selected or it won't fix anything.

Ron
  • 0

#5 Epsilon (Topic Starter, Member, 63 posts)
I think I put the wrong log in because I remember it being checked off and then selecting remove selected.

Malwarebytes log
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7060

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

09/07/2011 5:05:02 PM
mbam-log-2011-07-09 (17-05-02).txt

Scan type: Quick scan
Objects scanned: 187524
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\bill\AppData\Local\mss.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
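
Added example (not part of the thread): a PowerShell audit of the two registry locations the Malwarebytes log above reported, so a technician can confirm the .exe association and the IE Start Menu command are back to defaults after cleanup. The expected default strings are assumptions for 64-bit Vista; run it from an elevated prompt and adjust them for other Windows versions.

```powershell
# Added example, not from the thread. Checks the registry locations that the
# Malwarebytes log flagged: Hijack.ExeFile (a shell\open\command placed directly
# under .exe, which wins over the normal exefile ProgID) and Hijack.StartMenuInternet
# (the IE launch command rewritten to run a dropped .exe first).
function Test-ExeAssociation {
    $findings = @()

    # 1. Keys that should not exist at all on a default system. A command under the
    #    .exe extension key, or a per-user override in HKCU, takes precedence over
    #    HKLM's exefile entry and is executed for every program launch.
    $shouldBeAbsent = @(
        'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command',
        'Registry::HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command',
        'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
    )
    foreach ($p in $shouldBeAbsent) {
        if (Test-Path $p) {
            $val = (Get-Item $p).GetValue('')   # (default) value
            $findings += "UNEXPECTED KEY  $p -> $val"
        }
    }

    # 2. Keys whose (default) value should equal a known string.
    #    Expected values are assumed defaults for 64-bit Vista (assumption).
    $expected = @{
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command' = '"%1" %*'
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command' =
            '"C:\Program Files\Internet Explorer\iexplore.exe"'
    }
    foreach ($p in $expected.Keys) {
        if (-not (Test-Path $p)) {
            $findings += "MISSING KEY     $p"
            continue
        }
        $val = (Get-Item $p).GetValue('')
        if ($val -ne $expected[$p]) {
            # Anything other than the default (e.g. a path in a user's AppData\Local)
            # is the pattern seen in this thread and should be inspected.
            $findings += "UNEXPECTED VALUE $p -> $val (expected $($expected[$p]))"
        }
    }

    if ($findings.Count -eq 0) {
        return 'OK: .exe association and IE Start Menu command look like defaults'
    }
    return $findings
}

Test-ExeAssociation
```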


#6
RKinner
    Malware Expert
  • Expert
  • 20,031 posts
  • MVP
Your logs look clean now. Are you still seeing the infection?

Ron

#7
Epsilon
    Member
  • Topic Starter
  • Member
  • PipPip
  • 63 posts
The infection doesn't pop up anymore, thanks for your time and help.

#8
RKinner
    Malware Expert
  • Expert
  • 20,031 posts
  • MVP
We need to clean up System Restore.

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
Right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:
"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, (All) Programs, Accessories then right click on Command Prompt and Run As Administrator (continue). Right click and Paste or Edit, Paste and the above line should appear. Hit Enter.

If you run OTL again it has a Cleanup Tab which will remove it and its backup files (which may contain viruses we have removed).
To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.


To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/ and download any upgrades it suggests. Best to run it weekly.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.


Ron