Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan.gen.2 or Trojan.exploit.drop


  • This topic is locked This topic is locked

#1
y8z742

y8z742

    New Member

  • Member
  • Pip
  • 6 posts
Problem started Oct 4 at night with AVG 2012 Free running with up to date definitions, AVG quarantined and I thought problem solved, shutdown for night, then Oct 5:

Free AVG 2012,(running at time of infection) virus vault claims malware Virus Name: Trojan.Exploit.Drop.
Mailwarebytes Anti-Malware Free, installed Oct 5, full scan shows quarantine of Trojan.Exploit.Drop Item c:\users\...\appdata\local\temp\kexrlfysmg
AVG rescue CD claimed 2 items repaired, did not save log. Problem still exists.
Norton Recovery Tools bootable CD reported: Trojan.Gen.2 resolved with file infection in c:\windows\assembly\tmp\kwrd.dll and ...\tmp\u\8[email protected]

Each time I continue and plug into internet I get Malwarebytes reports successfully blocked access to potentially malicious website, with various ip address listed (example 195.3.145.254) process either ping.exe, svchost.exe or firefox.exe. Type: outgoing - ports differ always 5 digit port. Clearly Something is trying to access website and is being blocked. The blocks are occurring about 5 or 6 per minute.

OTL ran and OTL.txt and Extras.Txt attachedAttached File  Extras.Txt   54.14KB   66 downloadsAttached File  OTL.Txt   78.31KB   84 downloads

Hope I provided enough detail and not overkill. My first time posting and appreciate direction on removal/clean-up. Have been unable to find solution through using google search.
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello y8z742 and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed
Step 1

NOTE: You have very nasty infection! I would strongly advice you to backup all your important data from your system before you begin with the fix.

This malware tends to disable you whole system and let you with nothing. Please backup your date.

After this please continue with steps below.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in separate post
  • 0

#3
y8z742

y8z742

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Malwarebytes Free Trial has not reported a block for over 20 minutes. That was primary notice of a continuing problem.

Here is the log:


ComboFix 11-10-11.03 - Michelle 10/11/2011 16:41:03.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1574 [GMT -4:00]
Running from: c:\users\Michelle\Desktop\ComboFix.exe
AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security Business Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Temp
c:\program files\Common Files\Temp\{389b10eb-c21e-4b3d-8052-f44da38cde4c}\DrvVista.exe
c:\program files\Common Files\Temp\{389b10eb-c21e-4b3d-8052-f44da38cde4c}\ndistgb.inf
c:\program files\Common Files\Temp\{389b10eb-c21e-4b3d-8052-f44da38cde4c}\ndistgb.sys
c:\program files\Common Files\Temp\{389b10eb-c21e-4b3d-8052-f44da38cde4c}\ndistgb_X64.cat
c:\users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\system32\consrv.dll
c:\windows\system32\Thumbs.db
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
.
.
2011-10-11 21:34 . 2011-10-11 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-11 16:26 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2011-10-11 16:26 . 2010-05-26 15:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2011-10-11 16:26 . 2010-05-26 15:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2011-10-11 16:26 . 2010-05-26 15:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2011-10-11 16:26 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2011-10-11 16:25 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-10-11 16:25 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-10-09 22:32 . 2011-10-09 22:32 -------- d-----w- C:\$AVG
2011-10-07 03:45 . 2011-10-07 03:45 -------- d-----w- c:\users\Michelle\AppData\Roaming\AVG2012
2011-10-07 03:45 . 2011-10-07 03:45 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-10-07 03:34 . 2011-10-11 21:10 -------- d-----w- c:\users\Michelle\AppData\Local\CrashDumps
2011-10-07 03:34 . 2011-10-07 03:44 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-10-06 23:03 . 2011-10-07 03:43 -------- d-----w- C:\NBRT
2011-10-06 21:18 . 2011-10-06 21:31 -------- d-----w- c:\users\Michelle\AppData\Local\NPE
2011-10-06 13:10 . 2011-10-06 13:10 -------- d-----w- c:\users\Michelle\AppData\Roaming\Malwarebytes
2011-10-06 13:10 . 2011-10-06 13:10 -------- d-----w- c:\programdata\Malwarebytes
2011-10-06 13:10 . 2011-10-09 21:50 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-06 13:10 . 2011-10-06 13:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-06 13:10 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-27 19:45 . 2003-06-18 22:31 16384 ----a-w- c:\windows\SysWow64\MSPGIMME.DLL
2011-09-27 19:45 . 2003-06-18 22:31 443904 ----a-w- c:\windows\SysWow64\MDIVWCTL.DLL
2011-09-27 19:45 . 2003-06-18 22:31 1033216 ----a-w- c:\windows\SysWow64\MSPCORE.DLL
2011-09-23 14:52 . 2011-09-23 14:52 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-09-23 14:49 . 2011-10-07 04:00 -------- d-----w- c:\programdata\AVG2012
2011-09-14 17:12 . 2011-09-14 17:12 -------- d-----w- c:\program files\iPod
2011-09-14 17:12 . 2011-09-14 17:13 -------- d-----w- c:\program files\iTunes
2011-09-14 17:12 . 2011-09-14 17:13 -------- d-----w- c:\program files (x86)\iTunes
2011-09-14 17:11 . 2011-09-14 17:11 -------- d-----w- c:\program files\Bonjour
2011-09-14 17:11 . 2011-09-14 17:11 -------- d-----w- c:\program files (x86)\Bonjour
2011-09-13 10:30 . 2011-09-13 10:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 16:18 . 2011-06-21 12:42 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-13 15:10 . 2011-08-13 15:10 7071545 ----a-w- c:\windows\SysWow64\Island Helicopters.scr
2011-08-08 10:08 . 2011-08-08 10:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-07-22 05:42 . 2011-08-11 02:23 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-11 02:23 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-11 02:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-11 02:23 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-11 02:23 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-11 02:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-10 11:52 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-10 11:52 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-10 11:52 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-10 11:52 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-10 11:52 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-10 11:52 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-10 11:52 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-10 11:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-10 11:52 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-10 11:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-10 11:52 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 11:52 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 11:52 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-10 11:52 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-10 11:52 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 11:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 11:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 11:52 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-10-07 03:45 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-07 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]
"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]
"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]
"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-10-07 218440]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...3e25828f52fd27" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SSLDrv;Virtual Passage SSLDrv Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-08-19 2399560]
R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 ndistgb;TheGreenBow NDIS filter driver;c:\windows\system32\DRIVERS\ndistgb.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 297344]
S2 TgbIke Starter;TgbIke Starter;c:\windows\SysWOW64\TgbStarter.exe [2011-05-18 141880]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-23 246600]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TgbIpSec
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:19]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TgbVpn"="c:\program files (x86)\NETGEAR\NETGEAR VPN Client Professional\vpnconf.exe" [2011-05-18 525880]
"combofix"="c:\combofix\CF2133.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: dyndns-work.com\tracktel
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\jjxpgvxz.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5e504de7-f652-47f6-970f-5c63db6edba3%7D&mid=0a60f4e0a8b347d19a3ed16f2a67b179-19e13d01f9f2808fc129a816123e25828f52fd27&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-09-23%2010%3A52%3A19&sap=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG2012\Firefox4
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: AVG Security Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-10-11 17:51:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-11 21:51
.
Pre-Run: 84,762,583,040 bytes free
Post-Run: 85,886,251,008 bytes free
.
- - End Of File - - B8C3B2422EB1B7BA1EA922C6FEE679CD
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi y8z742,

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
  • OTL log
It would be helpful if you could post each log in separate post
  • 0

#5
y8z742

y8z742

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I have included the tdsskiller log but when I run aswMBR.exe, I get a blue screen of death, I attempted to run it three times, the first two times aswMBR.exe was running from desktop run as administrator, the third time I moved aswMBR.exe to a folder on the c drive. The first two times the last file I saw being scanned was aswMBR.exe thus my decision to try moving the file to see if it happened again with the new file location. Each time the scanner paused for more than 4 minutes before the blue screen.

The first time I did not take a picture but I recalled that it was the same file line:
scanning: c:\users\Michelle\Desktop\aswMBR.exe s\jjxpgvxz.de (the rest if anything was cut off by the screen)
The third time: scanning: c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\jjxpgvxz.d (the rest if anything was cut off by the screen)

I did not run OTL yet. Please advise what to do in lieu of running aswmbr.EXE

TDSSKILLER LOG:
08:52:47.0801 3616 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
08:52:48.0066 3616 ============================================================
08:52:48.0066 3616 Current date / time: 2011/10/12 08:52:48.0066
08:52:48.0066 3616 SystemInfo:
08:52:48.0066 3616
08:52:48.0066 3616 OS Version: 6.1.7601 ServicePack: 1.0
08:52:48.0066 3616 Product type: Workstation
08:52:48.0066 3616 ComputerName: TOSHIBA_LAPTOP
08:52:48.0066 3616 UserName: Michelle
08:52:48.0066 3616 Windows directory: C:\windows
08:52:48.0066 3616 System windows directory: C:\windows
08:52:48.0066 3616 Running under WOW64
08:52:48.0066 3616 Processor architecture: Intel x64
08:52:48.0066 3616 Number of processors: 1
08:52:48.0066 3616 Page size: 0x1000
08:52:48.0066 3616 Boot type: Normal boot
08:52:48.0066 3616 ============================================================
08:52:49.0252 3616 Initialize success
08:53:01.0638 2456 ============================================================
08:53:01.0638 2456 Scan started
08:53:01.0638 2456 Mode: Manual;
08:53:01.0638 2456 ============================================================
08:53:02.0543 2456 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
08:53:02.0558 2456 1394ohci - ok
08:53:02.0668 2456 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
08:53:02.0683 2456 ACPI - ok
08:53:02.0792 2456 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
08:53:02.0808 2456 AcpiPmi - ok
08:53:02.0948 2456 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
08:53:02.0948 2456 adp94xx - ok
08:53:03.0073 2456 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
08:53:03.0089 2456 adpahci - ok
08:53:03.0214 2456 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
08:53:03.0214 2456 adpu320 - ok
08:53:03.0370 2456 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
08:53:03.0370 2456 AFD - ok
08:53:03.0494 2456 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
08:53:03.0494 2456 agp440 - ok
08:53:03.0666 2456 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
08:53:03.0666 2456 aliide - ok
08:53:03.0791 2456 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
08:53:03.0791 2456 amdide - ok
08:53:03.0900 2456 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
08:53:03.0900 2456 AmdK8 - ok
08:53:04.0134 2456 amdkmdag (aefaf27f1b7e52c705df4fb6c96732f6) C:\windows\system32\DRIVERS\atipmdag.sys
08:53:04.0306 2456 amdkmdag - ok
08:53:04.0415 2456 amdkmdap (8149db73be27950ec72767a1193153a6) C:\windows\system32\DRIVERS\atikmpag.sys
08:53:04.0446 2456 amdkmdap - ok
08:53:04.0555 2456 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
08:53:04.0555 2456 AmdPPM - ok
08:53:04.0680 2456 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
08:53:04.0680 2456 amdsata - ok
08:53:04.0805 2456 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
08:53:04.0805 2456 amdsbs - ok
08:53:04.0961 2456 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
08:53:04.0961 2456 amdxata - ok
08:53:05.0086 2456 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
08:53:05.0086 2456 AppID - ok
08:53:05.0273 2456 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
08:53:05.0273 2456 arc - ok
08:53:05.0382 2456 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
08:53:05.0382 2456 arcsas - ok
08:53:05.0491 2456 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
08:53:05.0491 2456 AsyncMac - ok
08:53:05.0616 2456 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
08:53:05.0616 2456 atapi - ok
08:53:05.0788 2456 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\windows\system32\DRIVERS\athrx.sys
08:53:05.0803 2456 athr - ok
08:53:05.0928 2456 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\windows\system32\DRIVERS\AtiPcie.sys
08:53:05.0944 2456 AtiPcie - ok
08:53:06.0115 2456 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\windows\system32\DRIVERS\avgfwd6a.sys
08:53:06.0131 2456 Avgfwfd - ok
08:53:06.0287 2456 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
08:53:06.0287 2456 AVGIDSDriver - ok
08:53:06.0412 2456 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
08:53:06.0412 2456 AVGIDSEH - ok
08:53:06.0552 2456 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
08:53:06.0568 2456 AVGIDSFilter - ok
08:53:06.0724 2456 Avgldx64 (dadfccfb036da99fa83e7e1d29290a6c) C:\windows\system32\DRIVERS\avgldx64.sys
08:53:06.0724 2456 Avgldx64 - ok
08:53:06.0864 2456 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\windows\system32\DRIVERS\avgmfx64.sys
08:53:06.0864 2456 Avgmfx64 - ok
08:53:07.0004 2456 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\windows\system32\DRIVERS\avgrkx64.sys
08:53:07.0004 2456 Avgrkx64 - ok
08:53:07.0176 2456 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\windows\system32\DRIVERS\avgtdia.sys
08:53:07.0192 2456 Avgtdia - ok
08:53:07.0348 2456 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
08:53:07.0348 2456 b06bdrv - ok
08:53:07.0472 2456 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
08:53:07.0472 2456 b57nd60a - ok
08:53:07.0628 2456 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
08:53:07.0644 2456 Beep - ok
08:53:07.0816 2456 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
08:53:07.0816 2456 blbdrive - ok
08:53:07.0956 2456 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
08:53:07.0956 2456 bowser - ok
08:53:08.0081 2456 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
08:53:08.0081 2456 BrFiltLo - ok
08:53:08.0190 2456 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
08:53:08.0190 2456 BrFiltUp - ok
08:53:08.0330 2456 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
08:53:08.0330 2456 Brserid - ok
08:53:08.0440 2456 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
08:53:08.0440 2456 BrSerWdm - ok
08:53:08.0549 2456 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
08:53:08.0549 2456 BrUsbMdm - ok
08:53:08.0689 2456 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
08:53:08.0689 2456 BrUsbSer - ok
08:53:08.0798 2456 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
08:53:08.0814 2456 BTHMODEM - ok
08:53:08.0954 2456 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\windows\system32\drivers\BVRPMPR5a64.SYS
08:53:08.0954 2456 BVRPMPR5a64 - ok
08:53:08.0986 2456 catchme - ok
08:53:09.0095 2456 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
08:53:09.0095 2456 cdfs - ok
08:53:09.0220 2456 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
08:53:09.0235 2456 cdrom - ok
08:53:09.0360 2456 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
08:53:09.0360 2456 circlass - ok
08:53:09.0469 2456 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
08:53:09.0485 2456 CLFS - ok
08:53:09.0656 2456 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
08:53:09.0656 2456 CmBatt - ok
08:53:09.0719 2456 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
08:53:09.0719 2456 cmdide - ok
08:53:09.0875 2456 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
08:53:09.0890 2456 CNG - ok
08:53:10.0046 2456 CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\windows\system32\drivers\CHDRT64.sys
08:53:10.0062 2456 CnxtHdAudService - ok
08:53:10.0171 2456 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
08:53:10.0171 2456 Compbatt - ok
08:53:10.0296 2456 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
08:53:10.0296 2456 CompositeBus - ok
08:53:10.0436 2456 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
08:53:10.0436 2456 crcdisk - ok
08:53:10.0608 2456 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
08:53:10.0608 2456 DfsC - ok
08:53:10.0717 2456 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
08:53:10.0733 2456 discache - ok
08:53:10.0858 2456 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
08:53:10.0858 2456 Disk - ok
08:53:11.0014 2456 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys
08:53:11.0014 2456 Dot4 - ok
08:53:11.0138 2456 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\windows\system32\drivers\Dot4Prt.sys
08:53:11.0138 2456 Dot4Print - ok
08:53:11.0263 2456 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys
08:53:11.0263 2456 dot4usb - ok
08:53:11.0388 2456 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
08:53:11.0388 2456 drmkaud - ok
08:53:11.0544 2456 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
08:53:11.0575 2456 DXGKrnl - ok
08:53:11.0762 2456 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
08:53:11.0825 2456 ebdrv - ok
08:53:11.0965 2456 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
08:53:11.0981 2456 elxstor - ok
08:53:12.0090 2456 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
08:53:12.0090 2456 ErrDev - ok
08:53:12.0246 2456 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
08:53:12.0246 2456 exfat - ok
08:53:12.0355 2456 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
08:53:12.0355 2456 fastfat - ok
08:53:12.0480 2456 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
08:53:12.0480 2456 fdc - ok
08:53:12.0605 2456 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
08:53:12.0620 2456 FileInfo - ok
08:53:12.0714 2456 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
08:53:12.0714 2456 Filetrace - ok
08:53:12.0808 2456 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
08:53:12.0823 2456 flpydisk - ok
08:53:12.0964 2456 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
08:53:12.0964 2456 FltMgr - ok
08:53:13.0088 2456 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
08:53:13.0088 2456 FsDepends - ok
08:53:13.0198 2456 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
08:53:13.0198 2456 Fs_Rec - ok
08:53:13.0322 2456 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
08:53:13.0338 2456 fvevol - ok
08:53:13.0447 2456 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
08:53:13.0447 2456 FwLnk - ok
08:53:13.0572 2456 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
08:53:13.0572 2456 gagp30kx - ok
08:53:13.0712 2456 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
08:53:13.0712 2456 GEARAspiWDM - ok
08:53:13.0900 2456 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
08:53:13.0915 2456 hcw85cir - ok
08:53:14.0056 2456 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
08:53:14.0056 2456 HdAudAddService - ok
08:53:14.0180 2456 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
08:53:14.0180 2456 HDAudBus - ok
08:53:14.0290 2456 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
08:53:14.0290 2456 HidBatt - ok
08:53:14.0399 2456 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
08:53:14.0399 2456 HidBth - ok
08:53:14.0539 2456 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
08:53:14.0539 2456 HidIr - ok
08:53:14.0664 2456 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
08:53:14.0664 2456 HidUsb - ok
08:53:14.0836 2456 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
08:53:14.0836 2456 HpSAMD - ok
08:53:14.0976 2456 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
08:53:14.0992 2456 HTTP - ok
08:53:15.0101 2456 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
08:53:15.0101 2456 hwpolicy - ok
08:53:15.0226 2456 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
08:53:15.0226 2456 i8042prt - ok
08:53:15.0366 2456 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
08:53:15.0382 2456 iaStorV - ok
08:53:15.0522 2456 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
08:53:15.0522 2456 iirsp - ok
08:53:15.0662 2456 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
08:53:15.0662 2456 intelide - ok
08:53:15.0772 2456 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
08:53:15.0787 2456 intelppm - ok
08:53:15.0896 2456 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
08:53:15.0896 2456 IpFilterDriver - ok
08:53:16.0037 2456 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
08:53:16.0052 2456 IPMIDRV - ok
08:53:16.0162 2456 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
08:53:16.0162 2456 IPNAT - ok
08:53:16.0318 2456 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
08:53:16.0318 2456 IRENUM - ok
08:53:16.0427 2456 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
08:53:16.0427 2456 isapnp - ok
08:53:16.0567 2456 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
08:53:16.0567 2456 iScsiPrt - ok
08:53:16.0692 2456 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
08:53:16.0708 2456 kbdclass - ok
08:53:16.0817 2456 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
08:53:16.0817 2456 kbdhid - ok
08:53:16.0957 2456 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
08:53:17.0004 2456 KSecDD - ok
08:53:17.0176 2456 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
08:53:17.0191 2456 KSecPkg - ok
08:53:17.0300 2456 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
08:53:17.0300 2456 ksthunk - ok
08:53:17.0425 2456 L1C (48686c29856f46443952a831424f8d6f) C:\windows\system32\DRIVERS\L1C62x64.sys
08:53:17.0425 2456 L1C - ok
08:53:17.0581 2456 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
08:53:17.0581 2456 lltdio - ok
08:53:17.0722 2456 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
08:53:17.0722 2456 LSI_FC - ok
08:53:17.0846 2456 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
08:53:17.0846 2456 LSI_SAS - ok
08:53:17.0971 2456 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
08:53:17.0987 2456 LSI_SAS2 - ok
08:53:18.0112 2456 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
08:53:18.0112 2456 LSI_SCSI - ok
08:53:18.0236 2456 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
08:53:18.0236 2456 luafv - ok
08:53:18.0377 2456 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\windows\system32\drivers\mbam.sys
08:53:18.0377 2456 MBAMProtector - ok
08:53:18.0517 2456 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
08:53:18.0517 2456 megasas - ok
08:53:18.0658 2456 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
08:53:18.0673 2456 MegaSR - ok
08:53:18.0814 2456 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
08:53:18.0814 2456 Modem - ok
08:53:18.0938 2456 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
08:53:18.0938 2456 monitor - ok
08:53:19.0079 2456 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
08:53:19.0079 2456 mouclass - ok
08:53:19.0204 2456 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
08:53:19.0204 2456 mouhid - ok
08:53:19.0328 2456 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
08:53:19.0328 2456 mountmgr - ok
08:53:19.0438 2456 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
08:53:19.0438 2456 mpio - ok
08:53:19.0562 2456 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
08:53:19.0578 2456 mpsdrv - ok
08:53:19.0718 2456 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
08:53:19.0718 2456 MRxDAV - ok
08:53:19.0843 2456 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
08:53:19.0843 2456 mrxsmb - ok
08:53:19.0968 2456 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
08:53:19.0968 2456 mrxsmb10 - ok
08:53:20.0093 2456 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
08:53:20.0093 2456 mrxsmb20 - ok
08:53:20.0202 2456 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
08:53:20.0202 2456 msahci - ok
08:53:20.0311 2456 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
08:53:20.0311 2456 msdsm - ok
08:53:20.0452 2456 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
08:53:20.0452 2456 Msfs - ok
08:53:20.0576 2456 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
08:53:20.0576 2456 mshidkmdf - ok
08:53:20.0686 2456 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
08:53:20.0686 2456 msisadrv - ok
08:53:20.0857 2456 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
08:53:20.0857 2456 MSKSSRV - ok
08:53:20.0982 2456 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
08:53:20.0982 2456 MSPCLOCK - ok
08:53:21.0107 2456 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
08:53:21.0107 2456 MSPQM - ok
08:53:21.0232 2456 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
08:53:21.0247 2456 MsRPC - ok
08:53:21.0356 2456 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
08:53:21.0356 2456 mssmbios - ok
08:53:21.0481 2456 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
08:53:21.0481 2456 MSTEE - ok
08:53:21.0590 2456 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
08:53:21.0590 2456 MTConfig - ok
08:53:21.0731 2456 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
08:53:21.0731 2456 Mup - ok
08:53:21.0871 2456 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
08:53:21.0871 2456 NativeWifiP - ok
08:53:22.0043 2456 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
08:53:22.0058 2456 NDIS - ok
08:53:22.0199 2456 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
08:53:22.0199 2456 NdisCap - ok
08:53:22.0308 2456 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
08:53:22.0324 2456 NdisTapi - ok
08:53:22.0464 2456 ndistgb (5a2f019faca8c529d78fe5507d2b30a2) C:\windows\system32\DRIVERS\ndistgb.sys
08:53:22.0464 2456 ndistgb - ok
08:53:22.0589 2456 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
08:53:22.0589 2456 Ndisuio - ok
08:53:22.0729 2456 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
08:53:22.0729 2456 NdisWan - ok
08:53:22.0854 2456 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
08:53:22.0870 2456 NDProxy - ok
08:53:23.0010 2456 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
08:53:23.0010 2456 NetBIOS - ok
08:53:23.0135 2456 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
08:53:23.0135 2456 NetBT - ok
08:53:23.0260 2456 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
08:53:23.0260 2456 nfrd960 - ok
08:53:23.0384 2456 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
08:53:23.0384 2456 Npfs - ok
08:53:23.0494 2456 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
08:53:23.0494 2456 nsiproxy - ok
08:53:23.0681 2456 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
08:53:23.0696 2456 Ntfs - ok
08:53:23.0806 2456 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
08:53:23.0806 2456 Null - ok
08:53:23.0915 2456 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
08:53:23.0915 2456 nvraid - ok
08:53:24.0040 2456 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
08:53:24.0040 2456 nvstor - ok
08:53:24.0149 2456 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
08:53:24.0164 2456 nv_agp - ok
08:53:24.0258 2456 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
08:53:24.0274 2456 ohci1394 - ok
08:53:24.0430 2456 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
08:53:24.0430 2456 Parport - ok
08:53:24.0539 2456 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
08:53:24.0539 2456 partmgr - ok
08:53:24.0679 2456 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
08:53:24.0679 2456 pci - ok
08:53:24.0788 2456 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
08:53:24.0804 2456 pciide - ok
08:53:24.0913 2456 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
08:53:24.0913 2456 pcmcia - ok
08:53:25.0007 2456 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
08:53:25.0007 2456 pcw - ok
08:53:25.0116 2456 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
08:53:25.0132 2456 PEAUTH - ok
08:53:25.0303 2456 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
08:53:25.0319 2456 PptpMiniport - ok
08:53:25.0412 2456 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
08:53:25.0412 2456 Processor - ok
08:53:25.0553 2456 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
08:53:25.0553 2456 Psched - ok
08:53:25.0724 2456 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
08:53:25.0740 2456 ql2300 - ok
08:53:25.0849 2456 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
08:53:25.0865 2456 ql40xx - ok
08:53:25.0958 2456 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
08:53:25.0958 2456 QWAVEdrv - ok
08:53:26.0068 2456 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
08:53:26.0068 2456 RasAcd - ok
08:53:26.0192 2456 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
08:53:26.0192 2456 RasAgileVpn - ok
08:53:26.0333 2456 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
08:53:26.0333 2456 Rasl2tp - ok
08:53:26.0458 2456 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
08:53:26.0458 2456 RasPppoe - ok
08:53:26.0567 2456 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
08:53:26.0582 2456 RasSstp - ok
08:53:26.0707 2456 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
08:53:26.0723 2456 rdbss - ok
08:53:26.0801 2456 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
08:53:26.0801 2456 rdpbus - ok
08:53:26.0910 2456 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
08:53:26.0910 2456 RDPCDD - ok
08:53:27.0035 2456 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
08:53:27.0035 2456 RDPENCDD - ok
08:53:27.0144 2456 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
08:53:27.0144 2456 RDPREFMP - ok
08:53:27.0269 2456 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
08:53:27.0284 2456 RDPWD - ok
08:53:27.0409 2456 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
08:53:27.0425 2456 rdyboost - ok
08:53:27.0581 2456 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
08:53:27.0581 2456 rspndr - ok
08:53:27.0721 2456 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys
08:53:27.0737 2456 RSUSBSTOR - ok
08:53:27.0862 2456 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
08:53:27.0877 2456 sbp2port - ok
08:53:28.0002 2456 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
08:53:28.0002 2456 scfilter - ok
08:53:28.0111 2456 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
08:53:28.0127 2456 secdrv - ok
08:53:28.0236 2456 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
08:53:28.0236 2456 Serenum - ok
08:53:28.0345 2456 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
08:53:28.0345 2456 Serial - ok
08:53:28.0454 2456 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
08:53:28.0454 2456 sermouse - ok
08:53:28.0610 2456 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
08:53:28.0610 2456 sffdisk - ok
08:53:28.0720 2456 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
08:53:28.0720 2456 sffp_mmc - ok
08:53:28.0844 2456 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
08:53:28.0844 2456 sffp_sd - ok
08:53:28.0938 2456 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
08:53:28.0938 2456 sfloppy - ok
08:53:29.0078 2456 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
08:53:29.0078 2456 SiSRaid2 - ok
08:53:29.0188 2456 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
08:53:29.0188 2456 SiSRaid4 - ok
08:53:29.0297 2456 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
08:53:29.0297 2456 Smb - ok
08:53:29.0422 2456 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
08:53:29.0437 2456 spldr - ok
08:53:29.0593 2456 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
08:53:29.0593 2456 srv - ok
08:53:29.0718 2456 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
08:53:29.0734 2456 srv2 - ok
08:53:29.0843 2456 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
08:53:29.0843 2456 srvnet - ok
08:53:29.0999 2456 SSLDrv (473387bf2c3ce108d93f399086e53ec8) C:\windows\system32\DRIVERS\SSLDrv.sys
08:53:30.0014 2456 SSLDrv - ok
08:53:30.0124 2456 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
08:53:30.0124 2456 stexstor - ok
08:53:30.0248 2456 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
08:53:30.0248 2456 swenum - ok
08:53:30.0404 2456 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
08:53:30.0404 2456 SynTP - ok
08:53:30.0623 2456 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\drivers\tcpip.sys
08:53:30.0638 2456 Tcpip - ok
08:53:30.0810 2456 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\DRIVERS\tcpip.sys
08:53:30.0826 2456 TCPIP6 - ok
08:53:30.0935 2456 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
08:53:30.0950 2456 tcpipreg - ok
08:53:31.0075 2456 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
08:53:31.0075 2456 tdcmdpst - ok
08:53:31.0184 2456 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
08:53:31.0184 2456 TDPIPE - ok
08:53:31.0278 2456 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
08:53:31.0294 2456 TDTCP - ok
08:53:31.0418 2456 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
08:53:31.0418 2456 tdx - ok
08:53:31.0559 2456 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
08:53:31.0559 2456 TermDD - ok
08:53:31.0730 2456 TgbIpSec (0346404919d425d02912105a5c08895f) C:\windows\system32\Drivers\dfiltervpn.sys
08:53:31.0730 2456 TgbIpSec - ok
08:53:31.0949 2456 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
08:53:31.0949 2456 tssecsrv - ok
08:53:32.0058 2456 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
08:53:32.0074 2456 TsUsbFlt - ok
08:53:32.0198 2456 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
08:53:32.0214 2456 tunnel - ok
08:53:32.0323 2456 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
08:53:32.0323 2456 TVALZ - ok
08:53:32.0417 2456 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
08:53:32.0432 2456 uagp35 - ok
08:53:32.0557 2456 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
08:53:32.0557 2456 udfs - ok
08:53:32.0698 2456 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
08:53:32.0698 2456 uliagpkx - ok
08:53:32.0807 2456 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
08:53:32.0807 2456 umbus - ok
08:53:32.0916 2456 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
08:53:32.0916 2456 UmPass - ok
08:53:33.0056 2456 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
08:53:33.0056 2456 USBAAPL64 - ok
08:53:33.0166 2456 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
08:53:33.0166 2456 usbccgp - ok
08:53:33.0290 2456 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
08:53:33.0306 2456 usbcir - ok
08:53:33.0415 2456 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
08:53:33.0415 2456 usbehci - ok
08:53:33.0556 2456 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
08:53:33.0556 2456 usbhub - ok
08:53:33.0680 2456 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
08:53:33.0680 2456 usbohci - ok
08:53:33.0790 2456 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
08:53:33.0790 2456 usbprint - ok
08:53:33.0946 2456 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
08:53:33.0946 2456 usbscan - ok
08:53:34.0071 2456 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
08:53:34.0071 2456 USBSTOR - ok
08:53:34.0180 2456 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
08:53:34.0195 2456 usbuhci - ok
08:53:34.0320 2456 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
08:53:34.0320 2456 usbvideo - ok
08:53:34.0461 2456 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
08:53:34.0461 2456 vdrvroot - ok
08:53:34.0570 2456 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
08:53:34.0570 2456 vga - ok
08:53:34.0679 2456 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
08:53:34.0679 2456 VgaSave - ok
08:53:34.0788 2456 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
08:53:34.0804 2456 vhdmp - ok
08:53:34.0913 2456 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
08:53:34.0913 2456 viaide - ok
08:53:35.0022 2456 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
08:53:35.0038 2456 volmgr - ok
08:53:35.0163 2456 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
08:53:35.0178 2456 volmgrx - ok
08:53:35.0303 2456 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
08:53:35.0303 2456 volsnap - ok
08:53:35.0412 2456 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
08:53:35.0428 2456 vsmraid - ok
08:53:35.0568 2456 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
08:53:35.0568 2456 vwifibus - ok
08:53:35.0693 2456 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
08:53:35.0693 2456 vwififlt - ok
08:53:35.0818 2456 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
08:53:35.0818 2456 WacomPen - ok
08:53:35.0958 2456 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
08:53:35.0958 2456 WANARP - ok
08:53:35.0989 2456 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
08:53:35.0989 2456 Wanarpv6 - ok
08:53:36.0161 2456 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
08:53:36.0161 2456 Wd - ok
08:53:36.0270 2456 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
08:53:36.0286 2456 Wdf01000 - ok
08:53:36.0426 2456 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
08:53:36.0442 2456 WfpLwf - ok
08:53:36.0535 2456 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
08:53:36.0551 2456 WIMMount - ok
08:53:36.0707 2456 WinUSB (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUSB.sys
08:53:36.0723 2456 WinUSB - ok
08:53:36.0847 2456 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
08:53:36.0847 2456 WmiAcpi - ok
08:53:36.0988 2456 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
08:53:36.0988 2456 ws2ifsl - ok
08:53:37.0128 2456 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
08:53:37.0144 2456 WudfPf - ok
08:53:37.0253 2456 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
08:53:37.0269 2456 WUDFRd - ok
08:53:37.0331 2456 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
08:53:37.0347 2456 \Device\Harddisk0\DR0 - ok
08:53:37.0362 2456 Boot (0x1200) (6cd6e088ea794e4acd101b7cee41ff99) \Device\Harddisk0\DR0\Partition0
08:53:37.0362 2456 \Device\Harddisk0\DR0\Partition0 - ok
08:53:37.0362 2456 ============================================================
08:53:37.0362 2456 Scan finished
08:53:37.0362 2456 ============================================================
08:53:37.0378 2408 Detected object count: 0
08:53:37.0378 2408 Actual detected object count: 0
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. We will try this instead aswMBR.

Step 1

Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

Step 2

Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • A text file will be generated on your desktop
  • Now paste that text here for me.
Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • MBRCheck log
It would be helpful if you could post each log in separate post
  • 0

#7
y8z742

y8z742

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OTL LOG:
OTL logfile created on: 10/12/2011 8:10:24 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\incoming
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 56.75% Memory free
5.49 Gb Paging File | 4.14 Gb Available in Paging File | 75.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.46 Gb Total Space | 80.42 Gb Free Space | 27.98% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA_LAPTOP | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 07:07:07 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\incoming\OTL.exe
PRC - [2011/10/06 23:45:00 | 000,218,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2011/09/23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/09/23 10:52:17 | 000,246,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/08/31 20:52:09 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/18 09:11:54 | 000,525,880 | ---- | M] (Netgear) -- C:\Program Files (x86)\NETGEAR\NETGEAR VPN Client Professional\vpnconf.exe
PRC - [2011/05/18 09:11:52 | 000,502,328 | ---- | M] (TheGreenBow) -- C:\Program Files (x86)\NETGEAR\NETGEAR VPN Client Professional\tgbike.exe
PRC - [2011/05/18 09:11:50 | 000,141,880 | ---- | M] (TheGreenBow) -- C:\Windows\SysWOW64\TgbStarter.exe
PRC - [2010/08/24 17:02:20 | 000,608,528 | ---- | M] (TiVo Inc.) -- C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
PRC - [2010/08/24 17:02:18 | 002,264,336 | ---- | M] (TiVo Inc.) -- C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
PRC - [2010/08/24 17:02:14 | 000,437,520 | ---- | M] (TiVo Inc.) -- C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/06 23:45:00 | 000,218,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/08/31 20:52:09 | 001,001,432 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/08/24 17:02:02 | 000,050,960 | ---- | M] () -- C:\Program Files (x86)\TiVo\Desktop\Plus\TranscodingServicePS.dll
MOD - [2010/08/24 16:40:42 | 000,259,584 | ---- | M] () -- C:\Program Files (x86)\TiVo\Desktop\Id3Lib.dll
MOD - [2010/05/17 22:52:16 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\TiVo\Desktop\LibEay32.dll
MOD - [2010/05/17 22:52:16 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\TiVo\Desktop\SslEay32.dll
MOD - [2010/05/17 22:51:14 | 000,716,800 | ---- | M] () -- C:\Program Files (x86)\TiVo\Desktop\loudmouth.dll
MOD - [2003/01/30 07:04:00 | 000,618,496 | ---- | M] () -- C:\Program Files (x86)\TiVo\Desktop\StlpMt45.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/15 12:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/09/23 10:52:17 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/19 06:24:14 | 002,399,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/18 09:11:50 | 000,141,880 | ---- | M] (TheGreenBow) [Auto | Running] -- C:\Windows\SysWOW64\TgbStarter.exe -- (TgbIke Starter)
SRV - [2010/08/24 17:02:08 | 001,104,656 | ---- | M] (TiVo Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/13 14:09:08 | 000,297,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe -- (taisregispinger)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/05/18 09:11:48 | 000,028,728 | ---- | M] (TheGreenBow) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndistgb.sys -- (ndistgb)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/06 23:12:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/04/01 15:46:44 | 000,020,064 | ---- | M] (Cavium Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SSLDrv.sys -- (SSLDrv)
DRV:64bit: - [2010/03/15 13:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 12:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 20:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/01 13:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 17:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\incoming
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:8.0.0.34.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1829
FF - prefs.js..keyword.URL: "http://isearch.avg.c...2:19&sap=ku&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/08 12:28:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/06 23:45:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/14 09:07:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/14 09:07:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/08 12:28:46 | 000,000,000 | ---D | M]

[2011/05/04 04:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelle\AppData\Roaming\Mozilla\Extensions
[2011/10/12 15:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\jjxpgvxz.default\extensions
[2011/05/10 12:39:32 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\jjxpgvxz.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/10/06 23:45:15 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\jjxpgvxz.default\extensions\[email protected]
[2011/09/29 08:54:12 | 000,003,849 | ---- | M] () -- C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\jjxpgvxz.default\searchplugins\avg-secure-search.xml
[2011/08/01 10:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/30 19:32:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/06 10:00:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/08/01 10:12:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/06 23:45:16 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/06/08 12:28:46 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/10/11 17:37:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TgbVpn] C:\Program Files (x86)\NETGEAR\NETGEAR VPN Client Professional\vpnconf.exe (Netgear)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\rsvpsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\rsvpsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: dyndns-work.com ([tracktel] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {19DFFB5D-E30A-4E3B-8524-0AD8F4D88D32} https://tracktel.dyn...8/XTunnel64.cab (VPLaunch Class)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://98.209.90.11...eCleaner_64.cab (WebCacheCleaner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12A53691-10AE-4F97-AE87-B22EAF38946A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{387329A7-A065-40BA-A9BB-AAF990EA7F9A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/12 14:42:13 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/10/11 18:06:00 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/10/11 17:51:56 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/10/11 17:37:30 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/11 16:39:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/10/11 16:39:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/10/11 16:39:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/10/11 16:39:08 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/10/11 16:33:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/11 16:28:14 | 004,254,939 | R--- | C] (Swearware) -- C:\Users\Michelle\Desktop\ComboFix.exe
[2011/10/09 18:32:24 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/10/06 23:45:51 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Roaming\AVG2012
[2011/10/06 23:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/06 23:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/10/06 23:34:33 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\CrashDumps
[2011/10/06 23:34:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\drivers\AVG
[2011/10/06 19:03:42 | 000,000,000 | ---D | C] -- C:\NBRT
[2011/10/06 17:18:48 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\NPE
[2011/10/06 09:10:46 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Roaming\Malwarebytes
[2011/10/06 09:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/06 09:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/06 09:10:32 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/10/06 09:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/06 09:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/09/23 21:48:41 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{1002FD23-62B2-45B0-BF54-2773413759C4}
[2011/09/23 10:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011/09/23 10:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/14 13:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/09/14 13:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/14 13:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/14 13:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/09/14 13:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/09/14 13:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/09/14 09:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/14 09:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/09/13 06:30:08 | 000,037,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgrkx64.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/12 23:13:25 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/12 20:09:06 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 20:09:06 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 20:02:16 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/12 20:01:43 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/12 15:28:06 | 539,650,876 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/10/11 19:37:03 | 106,390,176 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2011/10/11 19:36:41 | 000,026,219 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/11 18:31:39 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/11 18:31:39 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/11 18:31:39 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/11 17:37:26 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/10/11 16:28:21 | 004,254,939 | R--- | M] (Swearware) -- C:\Users\Michelle\Desktop\ComboFix.exe
[2011/10/11 12:27:56 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2011/10/07 18:16:42 | 000,662,349 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavifw.avm
[2011/10/06 23:45:16 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/06 23:44:45 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/06 23:44:45 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/06 23:34:08 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavifw.avm
[2011/10/06 17:46:27 | 000,002,036 | -H-- | M] () -- C:\Users\Michelle\Documents\Default.rdp
[2011/10/06 12:41:19 | 000,416,024 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/06 09:10:36 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/23 22:44:44 | 000,001,862 | ---- | M] () -- C:\Users\Michelle\Desktop\hawaii - Shortcut.lnk
[2011/09/14 13:13:09 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgrkx64.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/12 14:41:58 | 539,650,876 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/10/11 16:39:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/10/11 16:39:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/10/11 16:39:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/10/11 16:39:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/10/11 16:39:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/10/11 12:27:56 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2011/10/06 23:45:16 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/06 23:44:45 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/06 23:44:45 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/06 23:34:08 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavifw.avm
[2011/10/06 09:10:36 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/23 22:44:44 | 000,001,862 | ---- | C] () -- C:\Users\Michelle\Desktop\hawaii - Shortcut.lnk
[2011/09/14 13:13:09 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/09 10:50:28 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll
[2011/06/08 12:25:16 | 000,165,449 | ---- | C] () -- C:\windows\hpoins28.dat
[2011/06/08 12:25:16 | 000,000,442 | ---- | C] () -- C:\windows\hpomdl28.dat
[2010/09/14 15:31:22 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/09/14 15:29:04 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010/04/01 15:46:46 | 000,032,480 | ---- | C] () -- C:\windows\UninstallVTPassage.exe
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/06 23:45:51 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\AVG2012
[2011/06/14 10:11:00 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Barnes & Noble
[2011/06/28 16:36:50 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\OverDrive
[2011/05/04 04:26:00 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Toshiba
[2011/05/03 00:04:20 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\WinBatch
[2011/10/12 15:04:48 | 000,032,558 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/31 20:52:09 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/31 20:52:09 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/31 20:52:09 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/08/31 20:52:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/08/31 20:52:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/31 20:52:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/30 19:38:03 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/30 19:38:03 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/30 19:38:03 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/09/30 19:38:03 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/04 03:33:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/04 03:33:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/04 03:33:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/04 03:33:32 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/05/04 03:33:32 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/08/31 20:52:09 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/08/31 20:52:09 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/08/31 20:52:09 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/08/31 20:52:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/08/31 20:52:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/08/31 20:52:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/09/30 19:38:03 | 001,030,200 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/09/30 19:38:03 | 001,030,200 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/09/30 19:38:03 | 001,030,200 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/09/30 19:38:03 | 001,030,200 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/04 03:33:28 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/04 03:33:28 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/04 03:33:28 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/04 03:33:32 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/05/04 03:33:32 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#8
y8z742

y8z742

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
MBRCHECK LOG:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: Insyde Corp.
System Manufacturer: TOSHIBA
System Product Name: Satellite C655D
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 150):
0x02A49000 \SystemRoot\system32\ntoskrnl.exe
0x02A00000 \SystemRoot\system32\hal.dll
0x00BCC000 \SystemRoot\system32\kdcom.dll
0x00C8C000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C99000 \SystemRoot\system32\PSHED.dll
0x00CAD000 \SystemRoot\system32\CLFS.SYS
0x00D0B000 \SystemRoot\system32\CI.dll
0x00E51000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EF5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F04000 \SystemRoot\system32\drivers\ACPI.sys
0x00F5B000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F64000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F6E000 \SystemRoot\system32\drivers\pci.sys
0x00FA1000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FAE000 \SystemRoot\System32\drivers\partmgr.sys
0x00FC3000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FCC000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FD8000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E1A000 \SystemRoot\system32\drivers\pciide.sys
0x00E21000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E31000 \SystemRoot\system32\drivers\atapi.sys
0x00C5C000 \SystemRoot\system32\drivers\ataport.SYS
0x00E3A000 \SystemRoot\system32\drivers\msahci.sys
0x00E45000 \SystemRoot\system32\drivers\amdxata.sys
0x010FC000 \SystemRoot\system32\drivers\fltmgr.sys
0x01148000 \SystemRoot\system32\drivers\fileinfo.sys
0x01244000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0115C000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x0121B000 \SystemRoot\System32\drivers\pcw.sys
0x0122C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014D2000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016BE000 \SystemRoot\System32\drivers\tcpip.sys
0x018C2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0190C000 \SystemRoot\system32\drivers\volsnap.sys
0x01958000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x0195D000 \SystemRoot\System32\Drivers\spldr.sys
0x01965000 \SystemRoot\System32\drivers\rdyboost.sys
0x0199F000 \SystemRoot\System32\Drivers\mup.sys
0x019B1000 \SystemRoot\System32\drivers\hwpolicy.sys
0x019BA000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01600000 \SystemRoot\system32\DRIVERS\disk.sys
0x01616000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01646000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x01652000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x0165C000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x0148B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0169C000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x016AC000 \SystemRoot\System32\Drivers\Null.SYS
0x016B5000 \SystemRoot\System32\Drivers\Beep.SYS
0x014B5000 \SystemRoot\System32\drivers\vga.sys
0x015C5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x015EA000 \SystemRoot\System32\drivers\watchdog.sys
0x019F4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x014C3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01236000 \SystemRoot\system32\drivers\rdprefmp.sys
0x013E7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01072000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01083000 \SystemRoot\system32\DRIVERS\avgfwd6a.sys
0x01092000 \SystemRoot\system32\DRIVERS\tdx.sys
0x013F2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C18000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x02C78000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02CBD000 \SystemRoot\system32\drivers\afd.sys
0x02D46000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D4F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D75000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02D8B000 \SystemRoot\system32\DRIVERS\ndistgb.sys
0x02D96000 \SystemRoot\System32\Drivers\dfiltervpn.sys
0x02DB7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02DC6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02DE1000 \SystemRoot\system32\drivers\termdd.sys
0x03643000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03694000 \SystemRoot\system32\drivers\nsiproxy.sys
0x036A0000 \SystemRoot\system32\drivers\mssmbios.sys
0x036AB000 \SystemRoot\System32\drivers\discache.sys
0x036BA000 \SystemRoot\System32\Drivers\dfsc.sys
0x036D8000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x036E9000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x03732000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03758000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x03760000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03775000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x03C27000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x04296000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0438A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x043D0000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x043E5000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x043EF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03C00000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x037A9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03C0B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03600000 \SystemRoot\system32\drivers\HDAudBus.sys
0x03624000 \SystemRoot\system32\drivers\i8042prt.sys
0x02C00000 \SystemRoot\system32\drivers\kbdclass.sys
0x03A8B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x03ADD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03ADF000 \SystemRoot\system32\drivers\mouclass.sys
0x03AEE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03AF3000 \SystemRoot\system32\drivers\CompositeBus.sys
0x03B03000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03B19000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03B3D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03B49000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03B78000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03B93000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03BB4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03BCE000 \SystemRoot\system32\drivers\swenum.sys
0x03A00000 \SystemRoot\system32\drivers\ks.sys
0x03A43000 \SystemRoot\system32\drivers\umbus.sys
0x048D9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04933000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04948000 \SystemRoot\system32\drivers\CHDRT64.sys
0x04800000 \SystemRoot\system32\drivers\portcls.sys
0x0483D000 \SystemRoot\system32\drivers\drmk.sys
0x0485F000 \SystemRoot\system32\drivers\ksthunk.sys
0x048A1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x048AF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x048BB000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x048C6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x04865000 \SystemRoot\System32\drivers\Dxapi.sys
0x04871000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00440000 \SystemRoot\System32\TSDDD.dll
0x007A0000 \SystemRoot\System32\cdd.dll
0x03A55000 \SystemRoot\system32\drivers\luafv.sys
0x0487F000 \SystemRoot\system32\drivers\WudfPf.sys
0x03BD0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02AC3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02B16000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02B29000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x046D4000 \SystemRoot\system32\drivers\HTTP.sys
0x0479D000 \SystemRoot\system32\DRIVERS\bowser.sys
0x047BB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0464E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02B41000 \SystemRoot\system32\drivers\peauth.sys
0x04672000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0467D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x046AE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02A00000 \SystemRoot\system32\hal.dll
0x05224000 \SystemRoot\System32\DRIVERS\srv.sys
0x771F0000 \Windows\System32\ntdll.dll
0x48100000 \Windows\System32\smss.exe
0xFF510000 \Windows\System32\apisetschema.dll

Processes (total 76):
0 System Idle Process
4 System
264 C:\Windows\System32\smss.exe
328 C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
360 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
584 csrss.exe
660 C:\Windows\System32\wininit.exe
672 csrss.exe
720 C:\Windows\System32\services.exe
732 C:\Windows\System32\lsass.exe
740 C:\Windows\System32\lsm.exe
796 C:\Windows\System32\winlogon.exe
892 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\atiesrxx.exe
712 C:\Windows\System32\svchost.exe
748 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\atieclxx.exe
1380 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\spoolsv.exe
1548 C:\Windows\System32\svchost.exe
1600 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1652 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1704 C:\Windows\SysWOW64\svchost.exe
1728 C:\Windows\System32\svchost.exe
1820 C:\Windows\System32\svchost.exe
1864 C:\Windows\System32\svchost.exe
1888 C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
1936 C:\Windows\SysWOW64\TgbStarter.exe
1964 C:\Windows\System32\TODDSrv.exe
1992 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
1268 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
1700 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1912 C:\Windows\System32\SearchIndexer.exe
2084 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2576 C:\Windows\System32\svchost.exe
2780 C:\Windows\System32\taskhost.exe
2868 C:\Windows\System32\dwm.exe
2900 C:\Windows\explorer.exe
1236 C:\Windows\System32\svchost.exe
2496 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2488 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2624 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
2620 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
2376 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
2660 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
2672 C:\Program Files (x86)\NETGEAR\NETGEAR VPN Client Professional\vpnconf.exe
2668 C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
2688 C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
2232 C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe
2696 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
3324 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
3372 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3380 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3516 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3524 C:\Program Files (x86)\AVG Secure Search\vprot.exe
3564 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
3736 C:\Program Files (x86)\NETGEAR\NETGEAR VPN Client Professional\tgbike.exe
3924 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3952 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2748 C:\Program Files\Windows Media Player\wmpnetwk.exe
3308 C:\Program Files\iPod\bin\iPodService.exe
3032 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
3532 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
304 C:\Windows\System32\svchost.exe
4188 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
2644 C:\Program Files (x86)\Nero\Update\NASvc.exe
1588 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
5048 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
2432 C:\Windows\System32\wuauclt.exe
3200 C:\Windows\explorer.exe
964 C:\Windows\System32\audiodg.exe
4612 C:\Users\Michelle\Desktop\MBRCheck.exe
3644 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3265GSX, Rev: GJ003M

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi y8z742,

How is your system now?

Please download Malwarebytes' Anti-Malware on infected PC and run it.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#10
y8z742

y8z742

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I have been avoiding using the system till I knew it was fixed. I didn't want to risk any personal data being sent to hackersetc.

Here is log you requested. I am still not getting any errors from Malwarebytes which was already installed as trial software.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7948

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/14/2011 2:43:12 PM
mbam-log-2011-10-14 (14-43-12).txt

Scan type: Quick scan
Objects scanned: 189975
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Looking good. Test your system for some time and I'll prepare cleanup for you. Stay tunned...
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi y8z742,

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP