Vista - Windows Explorer crashes, programs won't install

#1 kdokeeffe (Member, 41 posts)

Hi there!

Trying to fix a PC, a Samsung Satellite laptop running Vista Home Premium. It is having problems running Windows Explorer and Internet Explorer specifically. Windows Updates won't take; after attempting them, on reboot a message appears saying "Updates were not configured correctly. Reverting Changes."

I already restored the PC to factory settings (not a reimage), but the programs still crash. After the restore I was able to install some programs directly on the PC, at least for now.

At this stage I could run a virus scan, Malwarebytes Anti-Malware and Ad-Aware. MBAM and Ad-Aware found nothing. McAfee found one trojan, which it quarantined.

At that point I connected to the internet to update the definitions on all programs, but the PC blue-screened and the problems have continued since.

Windows Explorer still crashes on startup, IE does not start, and I cannot install other browsers. I can restart Windows Explorer through Task Manager, which lets me install some programs.
I installed Spybot at this point, but it found nothing either.

It acts as if there are restrictions on admin rights even though I'm logged in as admin: I ran HijackThis and tried to fix 3 suspect entries, but this action was not processed for some unknown reason. I can provide the HJT info if needed (or anything else you need). Thanks in advance! -Kieran

Here is the OTL log:

OTL logfile created on: 14/10/2011 13:54:53 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = F:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 58.40% Memory free
5.95 Gb Paging File | 4.84 Gb Available in Paging File | 81.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 87.64 Gb Free Space | 75.36% Space Free | Partition Type: NTFS
Drive D: | 115.13 Gb Total Space | 57.64 Gb Free Space | 50.07% Space Free | Partition Type: NTFS
Drive F: | 991.22 Mb Total Space | 838.69 Mb Free Space | 84.61% Space Free | Partition Type: FAT

Computer Name: ESTEVE-PC | User Name: eSteve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/14 13:26:48 | 000,582,656 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/10/13 15:27:22 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/13 15:27:21 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/03/05 14:35:12 | 000,393,216 | ---- | M] (TOSHIBA Europe) -- C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe
PRC - [2008/02/06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 03:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/08/24 04:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/04 03:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/08/03 22:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/25 01:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/22 20:15:18 | 002,376,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/10/13 15:27:21 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/08/24 04:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/08/04 03:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/07/25 02:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/25 01:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/22 20:15:18 | 002,376,992 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2008/07/18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/05/19 19:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 21:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/24 12:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 07:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 09:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 09:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 09:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 09:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSEA&bmod=TSEA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Unattend0000000001{5198FF2F-06A9-461D-8850-6327576C3989}] C:\Toshiba\Preinst\postoobe.cmd ()
O4 - Startup: C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/14 12:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/14 12:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/14 12:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/14 12:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/10/14 12:05:40 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/14 12:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/14 12:04:49 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\eSteve\Desktop\spybotsd162.exe
[2011/10/13 17:22:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/10/13 15:45:08 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Local\Google
[2011/10/13 15:27:32 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/10/13 15:25:48 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/13 13:41:34 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Roaming\Malwarebytes
[2011/10/13 13:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/13 13:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/13 13:41:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/13 13:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/13 12:37:31 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/10/13 12:37:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/10/13 12:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/10/13 12:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/10/13 12:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/10/13 12:36:20 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Searches
[2011/10/13 12:36:20 | 000,000,000 | R--D | C] -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/10/13 12:36:07 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Roaming\Identities
[2011/10/13 12:35:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/13 12:34:48 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Contacts
[2011/10/13 12:19:05 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Local\VirtualStore
[2011/10/13 12:19:02 | 000,000,000 | R--D | C] -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/10/13 12:19:02 | 000,000,000 | R--D | C] -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/10/13 12:19:02 | 000,000,000 | R--D | C] -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\AppData\Local\Temporary Internet Files
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Templates
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Start Menu
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\SendTo
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Recent
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\PrintHood
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\NetHood
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Documents\My Videos
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Documents\My Pictures
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Documents\My Music
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\My Documents
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Local Settings
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\AppData\Local\History
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Cookies
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Application Data
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\AppData\Local\Application Data
[2011/10/13 12:19:02 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Local\Temp
[2011/10/13 12:19:02 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Local\Microsoft
[2011/10/13 12:19:02 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Roaming\Media Center Programs
[2011/10/13 12:19:01 | 000,000,000 | --SD | C] -- C:\Users\eSteve\AppData\Roaming\Microsoft
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Videos
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Saved Games
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Pictures
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Music
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Links
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Favorites
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Downloads
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Documents
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Desktop
[2011/10/13 12:19:01 | 000,000,000 | -H-D | C] -- C:\Users\eSteve\AppData
[2011/10/13 11:48:42 | 000,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2011/10/13 11:48:42 | 000,376,832 | ---- | C] (Atheros) -- C:\Windows\System32\S64CPA.exe
[2011/10/13 11:48:42 | 000,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2011/10/13 11:48:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2011/10/13 11:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/10/13 11:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/10/13 11:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/10/13 11:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Toshiba Shared
[2011/10/13 11:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA DVD PLAYER
[2011/10/13 11:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting
[2011/10/13 11:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2011/10/13 11:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/10/13 11:40:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/10/13 11:40:23 | 006,037,504 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/10/13 11:40:23 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011/10/13 11:40:23 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2011/10/13 11:40:23 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2011/10/13 11:40:23 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011/10/13 11:40:23 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\maxxaudioapo.dll
[2011/10/13 11:40:22 | 000,140,288 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2011/10/13 11:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011/10/13 11:39:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\ENU
[2011/10/13 11:39:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/10/13 11:37:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/10/13 11:32:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/14 13:54:51 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/14 13:54:51 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/14 13:49:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/14 13:41:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/14 13:23:21 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/14 13:23:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/14 13:23:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/14 13:23:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/14 13:22:27 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/14 13:21:19 | 000,007,615 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/10/14 12:27:50 | 000,002,525 | ---- | M] () -- C:\Users\eSteve\Desktop\HiJackThis.lnk
[2011/10/14 12:22:08 | 000,001,084 | ---- | M] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/14 12:22:08 | 000,001,060 | ---- | M] () -- C:\Users\eSteve\Desktop\Spybot - Search & Destroy.lnk
[2011/10/14 12:09:45 | 000,001,833 | ---- | M] () -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2011/10/14 12:07:25 | 000,001,537 | ---- | M] () -- C:\Users\eSteve\Desktop\Windows Explorer.lnk
[2011/10/14 12:07:23 | 000,001,537 | ---- | M] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/10/14 11:55:20 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\eSteve\Desktop\spybotsd162.exe
[2011/10/14 11:54:48 | 001,402,880 | ---- | M] () -- C:\Users\eSteve\Desktop\HijackThis.msi
[2011/10/13 16:56:32 | 000,321,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/13 15:27:31 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/10/13 15:25:48 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/13 13:41:24 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 12:39:18 | 000,000,948 | ---- | M] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/13 12:37:34 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/13 11:58:37 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/10/13 11:47:56 | 000,016,076 | ---- | M] () -- C:\Windows\System32\results.xml
[2011/10/13 11:45:06 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L300_08541-EN_PSLB8E-05V00.MRK
[2011/10/13 11:35:29 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011/10/13 11:35:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/14 13:23:20 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/14 12:36:58 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/14 12:36:57 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/14 12:22:08 | 000,001,084 | ---- | C] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/14 12:22:08 | 000,001,060 | ---- | C] () -- C:\Users\eSteve\Desktop\Spybot - Search & Destroy.lnk
[2011/10/14 12:07:25 | 000,001,537 | ---- | C] () -- C:\Users\eSteve\Desktop\Windows Explorer.lnk
[2011/10/14 12:07:23 | 000,001,537 | ---- | C] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/10/14 12:05:40 | 000,002,525 | ---- | C] () -- C:\Users\eSteve\Desktop\HiJackThis.lnk
[2011/10/14 12:04:44 | 001,402,880 | ---- | C] () -- C:\Users\eSteve\Desktop\HijackThis.msi
[2011/10/14 12:02:43 | 3082,809,344 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/13 17:15:39 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/10/13 17:15:39 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/10/13 17:15:37 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/10/13 13:41:24 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 12:39:18 | 000,000,948 | ---- | C] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/13 12:37:34 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/13 12:36:24 | 000,000,954 | ---- | C] () -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/13 12:36:17 | 000,000,949 | ---- | C] () -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/13 12:36:03 | 000,000,920 | ---- | C] () -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/10/13 12:19:02 | 000,001,833 | ---- | C] () -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2011/10/13 12:19:02 | 000,000,258 | ---- | C] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/13 12:19:02 | 000,000,240 | ---- | C] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/10/13 11:47:56 | 000,016,076 | ---- | C] () -- C:\Windows\System32\results.xml
[2011/10/13 11:46:31 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2011/10/13 11:46:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2011/10/13 11:46:31 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2011/10/13 11:46:31 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2011/10/13 11:45:06 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L300_08541-EN_PSLB8E-05V00.MRK
[2011/10/13 11:40:48 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2008/08/07 17:37:59 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/07 17:37:59 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/07 17:37:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/07 17:37:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/07 17:37:59 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/07 17:37:59 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/07 17:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/07 17:15:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/08/07 17:15:10 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/08/07 17:15:08 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/08/07 17:15:07 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/08/07 16:31:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/21 03:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,321,824 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,600,378 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,105,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2011/10/14 13:23:21 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/10/13 11:35:29 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/10/13 11:35:29 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/10/14 13:21:19 | 000,011,242 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



What issues are you currently experiencing with your computer?

#3
kdokeeffe

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hi SweetTech,

thanks for looking into this.

GMER scan:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-23 15:34:53
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0
Running: gmer.exe; Driver: C:\Users\eSteve\AppData\Local\Temp\fxliypow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8E82698E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8E826928]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8E82693C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8E8269CC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8E826A0F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8E826900]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8E826914]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8E8269A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8E826A37]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8E826A23]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8E82697A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8E826966]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8E8269FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8E8269E2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8E8269B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8E826952]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 81C3119C 5 Bytes JMP 8E8269BC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 81DCB17C 5 Bytes JMP 8E826A13 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 81DD2DCA 5 Bytes JMP 8E826956 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 81DECF80 5 Bytes JMP 8E8269FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 81E0C1DC 5 Bytes JMP 8E826918 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 81E1BB18 5 Bytes JMP 8E826904 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 81E2E722 7 Bytes JMP 8E8269D0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 81E2ED79 5 Bytes JMP 8E8269E6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 81E30F8A 5 Bytes JMP 8E826992 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 81E3E648 5 Bytes JMP 8E82696A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 81E408A2 7 Bytes JMP 8E8269A6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 81E5F402 5 Bytes JMP 8E826A27 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 81E6044E 5 Bytes JMP 8E826A3B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 81E9E16D 5 Bytes JMP 8E82692C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 81E9E1B8 7 Bytes JMP 8E826940 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 81E9EC77 5 Bytes JMP 8E82697E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text kdcom.dll!KdSendPacket 80610041 37 Bytes [0B, B8, FF, FF, 00, 00, 66, ...]
.text kdcom.dll!KdSendPacket 80610067 230 Bytes [81, EC, 6C, 01, 00, 00, 53, ...]
.text kdcom.dll!KdSave + 2 8061014E 62 Bytes [C7, 8D, 50, 02, 66, 8B, 08, ...]
.text kdcom.dll!KdRestore + 31 8061018D 17 Bytes [00, 8B, B4, 1E, E0, 00, 00, ...]
.text kdcom.dll!KdRestore + 43 8061019F 253 Bytes [FC, 50, FF, 75, 0C, 56, E8, ...]
.text kdcom.dll!KdRestore + 141 8061029D 67 Bytes [55, 8B, EC, 83, EC, 14, 83, ...]
.text kdcom.dll!KdRestore + 185 806102E1 36 Bytes [59, 59, 85, C0, 75, 09, 8B, ...]
.text kdcom.dll!KdRestore + 1AA 80610306 33 Bytes [7D, FF, 00, 74, A9, 83, 7B, ...]
.text ...
PAGEKD kdcom.dll!KdReceivePacket + 25 80612199 6 Bytes [00, 00, 00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
PAGEKD kdcom.dll!KdReceivePacket + 2D 806121A1 40 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
PAGEKD kdcom.dll!KdReceivePacket + 56 806121CA 9 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
PAGEKD kdcom.dll!KdReceivePacket + 61 806121D5 20 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
PAGEKD kdcom.dll!KdReceivePacket + 77 806121EB 16 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
PAGEKD ...
PAGEKD kdcom.dll!KdSendPacket + 58 80612444 5 Bytes [00, 00, 00, 00, 00]
PAGEKD kdcom.dll!KdSendPacket + 5E 8061244A 3 Bytes [00, 00, 00]
PAGEKD kdcom.dll!KdSendPacket + 62 8061244E 14 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
PAGEKD kdcom.dll!KdSendPacket + 72 8061245E 14 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
PAGEKD kdcom.dll!KdSendPacket + 82 8061246E 14 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
PAGEKD ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x89D59480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x89D9A900, 0x3CA, 0x48000040]

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[404] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[404] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\services.exe[708] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 001900AB
.text C:\Windows\system32\services.exe[708] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 00190F65
.text C:\Windows\system32\services.exe[708] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 00190F2F
.text C:\Windows\system32\services.exe[708] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 00190F4A
.text C:\Windows\system32\services.exe[708] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 00190075
.text C:\Windows\system32\services.exe[708] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 00190022
.text C:\Windows\system32\services.exe[708] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 00190F9B
.text C:\Windows\system32\services.exe[708] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 0019003D
.text C:\Windows\system32\services.exe[708] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 00190F80
.text C:\Windows\system32\services.exe[708] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 0019004E
.text C:\Windows\system32\services.exe[708] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 00190FB6
.text C:\Windows\system32\services.exe[708] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 00190090
.text C:\Windows\system32\services.exe[708] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 001900E1
.text C:\Windows\system32\services.exe[708] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 00190011
.text C:\Windows\system32\services.exe[708] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 00190000
.text C:\Windows\system32\services.exe[708] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 00190FD1
.text C:\Windows\system32\services.exe[708] kernel32.dll!WinExec 7789580B 5 Bytes JMP 001900BC
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 006F0040
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 006F0FB9
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 006F0000
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 006F0FA8
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 006F0F79
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 006F0025
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 006F0FEF
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 006F0FD4
.text C:\Windows\system32\services.exe[708] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 006E003D
.text C:\Windows\system32\services.exe[708] msvcrt.dll!system 77938B63 5 Bytes JMP 006E0FB2
.text C:\Windows\system32\services.exe[708] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 006E0FCD
.text C:\Windows\system32\services.exe[708] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 006E0000
.text C:\Windows\system32\services.exe[708] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 006E0022
.text C:\Windows\system32\services.exe[708] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 006E0011
.text C:\Windows\system32\services.exe[708] WS2_32.dll!socket 777036D1 5 Bytes JMP 0018000A
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 001D00B3
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 001D0F63
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 001D00D5
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 001D0F3E
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 001D007D
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 001D0FD1
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 001D006C
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 001D0FAF
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 001D0F88
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 001D0051
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 001D0FC0
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 001D008E
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 001D0F23
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 001D0011
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 001D0000
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 001D002C
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!WinExec 7789580B 5 Bytes JMP 001D00C4
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 004E0FA8
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 004E0040
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 004E0000
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 004E0FB9
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 004E0065
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 004E0FD4
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 004E0FE5
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 004E001B
.text C:\Windows\system32\lsass.exe[792] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 001E0F90
.text C:\Windows\system32\lsass.exe[792] msvcrt.dll!system 77938B63 5 Bytes JMP 001E0025
.text C:\Windows\system32\lsass.exe[792] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 001E0FC6
.text C:\Windows\system32\lsass.exe[792] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 001E0000
.text C:\Windows\system32\lsass.exe[792] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 001E0FB5
.text C:\Windows\system32\lsass.exe[792] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 001E0FD7
.text C:\Windows\system32\lsass.exe[792] WS2_32.dll!socket 777036D1 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 00370F79
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 003700BF
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 00370F32
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 00370F4D
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 00370F94
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 0037002C
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 00370062
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 00370047
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 00370089
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 00370FA5
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 00370FC0
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 003700AE
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 00370F17
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 00370FE5
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 00370000
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 0037001B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!WinExec 7789580B 5 Bytes JMP 00370F68
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 00380031
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!system 77938B63 5 Bytes JMP 00380FA6
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 00380FC8
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 00380000
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 00380FB7
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 00380FE3
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 003A0F90
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 003A0FB2
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 003A0FEF
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 003A0FA1
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 003A0043
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 003A0FC3
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 003A0FDE
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 003A001E
.text C:\Windows\system32\svchost.exe[936] WS2_32.dll!socket 777036D1 5 Bytes JMP 00360000
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 000D0082
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 000D0F32
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 000D00B8
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 000D009D
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 000D0F68
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 000D0011
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 000D0F79
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 000D0F94
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 000D0053
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 000D0036
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 000D0FA5
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 000D0F43
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 000D0F06
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 000D0000
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 000D0FEF
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 000D0FCA
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!WinExec 7789580B 5 Bytes JMP 000D0F21
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 000E0FA6
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!system 77938B63 5 Bytes JMP 000E0FB7
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 000E001D
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 000E0FEF
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 000E0FC8
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 000E0000
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 000F0F83
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 000F0F9E
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 000F0FE5
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 000F001B
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 000F0F72
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 000F0FCA
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 000F0000
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 000F0FAF
.text C:\Windows\system32\svchost.exe[1040] WS2_32.dll!socket 777036D1 5 Bytes JMP 000C0FEF
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 00260F5B
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 00260F76
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 002600D0
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 00260F39
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 00260086
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 0026002C
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 00260069
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 00260047
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 002600A1
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 00260058
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 00260FCA
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 00260F87
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 00260F1E
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 00260011
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 00260000
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 00260FDB
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!WinExec 7789580B 5 Bytes JMP 00260F4A
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 00270064
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!system 77938B63 5 Bytes JMP 00270049
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 0027001D
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 00270FEF
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 0027002E
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 0027000C
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 00280051
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 00280FC3
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 00280FEF
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 00280040
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 0028006C
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 0028000A
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 00280FD4
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 00280025
.text C:\Windows\System32\svchost.exe[1092] WS2_32.dll!socket 777036D1 5 Bytes JMP 00240000
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 007500C4
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 00750F7E
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 00750F59
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 007500F0
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 00750098
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 00750036
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 00750FC0
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 0075006C
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 007500A9
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 0075007D
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 00750051
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 00750F99
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 00750F48
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 00750FE5
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 00750000
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 0075001B
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!WinExec 7789580B 5 Bytes JMP 007500D5
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 00760F9C
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!system 77938B63 5 Bytes JMP 00760FAD
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 00760FE3
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 00760000
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 00760FC8
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 00760011
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 0077004A
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 0077002F
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 0077000A
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 00770FA8
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 0077005B
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 00770FDE
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 00770FEF
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 00770FCD
.text C:\Windows\System32\svchost.exe[1168] WS2_32.dll!socket 777036D1 5 Bytes JMP 00740000
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 00900F7C
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 009000C2
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 009000DD
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 00900F46
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 0090008C
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 00900014
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 00900FB2
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 0090004A
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 009000B1
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 00900065
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 0090002F
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 00900FA1
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 00900F2B
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 00900FD4
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 00900FE5
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 00900FC3
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!WinExec 7789580B 5 Bytes JMP 00900F61
.text C:\Windows\System32\svchost.exe[1192] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 00950F92
.text C:\Windows\System32\svchost.exe[1192] msvcrt.dll!system 77938B63 5 Bytes JMP 00950FB7
.text C:\Windows\System32\svchost.exe[1192] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 0095001D
.text C:\Windows\System32\svchost.exe[1192] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 00950FEF
.text C:\Windows\System32\svchost.exe[1192] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 00950FC8
.text C:\Windows\System32\svchost.exe[1192] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 0095000C
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 00960FAC
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 0096003D
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 00960FEF
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 0096004E
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 0096005F
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 0096001B
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 0096000A
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 0096002C
.text C:\Windows\System32\svchost.exe[1192] WS2_32.dll!socket 777036D1 5 Bytes JMP 008F000A
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 00360F63
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 003600A9
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 003600E6
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 003600D5
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 00360087
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 00360FE5
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 00360076
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 00360FCA
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 00360F88
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 00360FB9
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 00360051
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 00360098
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 00360F34
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 0036001B
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 00360000
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 00360036
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!WinExec 7789580B 5 Bytes JMP 003600C4
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 0037003A
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!system 77938B63 5 Bytes JMP 00370FB9
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 00370029
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 00370FEF
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 00370FD4
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 00370018
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 00380F94
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 00380FA5
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 00380000
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 00380036
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 00380F6F
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 00380FE5
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 00380011
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 00380FC0
.text C:\Windows\system32\svchost.exe[1224] WS2_32.dll!socket 777036D1 5 Bytes JMP 0035000A
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 00010F5F
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 0001009B
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 000100D1
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 000100C0
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 00010F8B
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 00010047
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 00010FA8
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 00010FCA
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 00010F7A
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 00010FB9
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 00010FE5
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 0001008A
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 00010F29
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 00010011
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 00010000
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 0001002C
.text C:\Windows\system32\wuauclt.exe[1448] kernel32.dll!WinExec 7789580B 5 Bytes JMP 00010F44
.text C:\Windows\system32\wuauclt.exe[1448] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 0006003B
.text C:\Windows\system32\wuauclt.exe[1448] msvcrt.dll!system 77938B63 5 Bytes JMP 00060FB0
.text C:\Windows\system32\wuauclt.exe[1448] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 00060FC1
.text C:\Windows\system32\wuauclt.exe[1448] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 00060FEF
.text C:\Windows\system32\wuauclt.exe[1448] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 00060020
.text C:\Windows\system32\wuauclt.exe[1448] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 00060FD2
.text C:\Windows\system32\wuauclt.exe[1448] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 00070058
.text C:\Windows\system32\wuauclt.exe[1448] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 0007002C
.text C:\Windows\system32\wuauclt.exe[1448] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 00070000
.text C:\Windows\system32\wuauclt.exe[1448] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 0007003D
.text C:\Windows\system32\wuauclt.exe[1448] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 00070069
.text C:\Windows\system32\wuauclt.exe[1448] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 00070FDB
.text C:\Windows\system32\wuauclt.exe[1448] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 00070011
.text C:\Windows\system32\wuauclt.exe[1448] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 00070FC0
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 004A0F55
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 004A009B
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 004A00C0
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 004A0F29
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 004A0F70
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 004A0FCA
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 004A004A
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 004A0F9E
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 004A006F
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 004A0F8D
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 004A0FB9
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 004A0080
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 004A0F0E
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 004A0011
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 004A0000
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 004A0FDB
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!WinExec 7789580B 5 Bytes JMP 004A0F44
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 00970FC8
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!system 77938B63 5 Bytes JMP 00970053
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 0097001D
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 00970FE3
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 00970038
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 00970000
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 0098005B
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 00980040
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 00980000
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 00980FB9
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 00980F9E
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 00980025
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 00980FEF
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 00980FD4
.text C:\Windows\system32\svchost.exe[1468] WS2_32.dll!socket 777036D1 5 Bytes JMP 003C0FEF
.text C:\Windows\system32\svchost.exe[1468] WinInet.dll!InternetOpenA 777503DD 5 Bytes JMP 003D0FEF
.text C:\Windows\system32\svchost.exe[1468] WinInet.dll!InternetOpenUrlA 777520A3 5 Bytes JMP 003D000A
.text C:\Windows\system32\svchost.exe[1468] WinInet.dll!InternetOpenW 77752A58 5 Bytes JMP 003D0FD4
.text C:\Windows\system32\svchost.exe[1468] WinInet.dll!InternetOpenUrlW 7779AF69 5 Bytes JMP 003D001B
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 010E0F26
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 010E0F37
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 010E00AC
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 010E0F15
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 010E0047
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 010E001B
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 010E0036
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!LoadLibraryW 7782382D 3 Bytes JMP 010E0F8A
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!LoadLibraryW + 4 77823831 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!VirtualProtectEx 77828F5E 3 Bytes JMP 010E0F5C
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!VirtualProtectEx + 4 77828F62 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExA 77829649 3 Bytes JMP 010E0F79
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExA + 4 7782964D 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!LoadLibraryA 77829671 3 Bytes JMP 010E0FAF
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!LoadLibraryA + 4 77829675 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 010E0062
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 010E0EFA
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 010E0000
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 010E0FEF
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 010E0FCA
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!WinExec 7789580B 5 Bytes JMP 010E0087
.text C:\Windows\system32\svchost.exe[1592] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 010F002C
.text C:\Windows\system32\svchost.exe[1592] msvcrt.dll!system 77938B63 5 Bytes JMP 010F001B
.text C:\Windows\system32\svchost.exe[1592] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 010F000A
.text C:\Windows\system32\svchost.exe[1592] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 010F0FEF
.text C:\Windows\system32\svchost.exe[1592] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 010F0FAB
.text C:\Windows\system32\svchost.exe[1592] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 010F0FD2
.text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 01100028
.text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 01100F8D
.text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 01100FEF
.text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 01100F7C
.text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 01100039
.text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 01100FC3
.text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 01100FDE
.text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 01100FB2
.text C:\Windows\system32\svchost.exe[1592] WS2_32.dll!socket 777036D1 5 Bytes JMP 01080000
.text C:\Windows\system32\svchost.exe[1592] WININET.dll!InternetOpenA 777503DD 5 Bytes JMP 010D0FEF
.text C:\Windows\system32\svchost.exe[1592] WININET.dll!InternetOpenUrlA 777520A3 5 Bytes JMP 010D0FDE
.text C:\Windows\system32\svchost.exe[1592] WININET.dll!InternetOpenW 77752A58 5 Bytes JMP 010D000A
.text C:\Windows\system32\svchost.exe[1592] WININET.dll!InternetOpenUrlW 7779AF69 5 Bytes JMP 010D0FCD
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 016500C0
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 01650F70
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 01650F29
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 01650F4E
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 0165006F
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 01650FDE
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 01650F95
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 0165005E
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 01650080
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 01650FB2
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 01650FCD
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 0165009B
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 01650F18
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 01650FEF
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 0165000A
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 0165002F
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!WinExec 7789580B 5 Bytes JMP 01650F5F
.text C:\Windows\system32\svchost.exe[1812] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 016E0FC1
.text C:\Windows\system32\svchost.exe[1812] msvcrt.dll!system 77938B63 5 Bytes JMP 016E0042
.text C:\Windows\system32\svchost.exe[1812] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 016E001D
.text C:\Windows\system32\svchost.exe[1812] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 016E0000
.text C:\Windows\system32\svchost.exe[1812] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 016E0FD2
.text C:\Windows\system32\svchost.exe[1812] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 016E0FEF
.text C:\Windows\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 01770F94
.text C:\Windows\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 01770FAF
.text C:\Windows\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 01770FE5
.text C:\Windows\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 01770036
.text C:\Windows\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 01770F79
.text C:\Windows\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 01770011
.text C:\Windows\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 01770000
.text C:\Windows\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 01770FC0
.text C:\Windows\system32\svchost.exe[1812] WS2_32.dll!socket 777036D1 5 Bytes JMP 01600000
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 003800AE
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 00380F68
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 003800D0
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 003800BF
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 00380078
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 0038002F
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 00380F9E
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 00380FB9
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 00380089
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 0038005B
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 00380040
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 00380F79
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 003800E1
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 00380014
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 00380FEF
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 00380FDE
.text C:\Windows\system32\svchost.exe[2076] kernel32.dll!WinExec 7789580B 5 Bytes JMP 00380F4D
.text C:\Windows\system32\svchost.exe[2076] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 00720FAF
.text C:\Windows\system32\svchost.exe[2076] msvcrt.dll!system 77938B63 5 Bytes JMP 00720FCA
.text C:\Windows\system32\svchost.exe[2076] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 00720033
.text C:\Windows\system32\svchost.exe[2076] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 0072000C
.text C:\Windows\system32\svchost.exe[2076] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 00720044
.text C:\Windows\system32\svchost.exe[2076] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 00720FEF
.text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 00730051
.text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 00730025
.text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 00730FE5
.text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 00730036
.text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 00730062
.text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 00730FCA
.text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 00730000
.text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 00730FB9
.text C:\Windows\system32\svchost.exe[2076] WS2_32.dll!socket 777036D1 5 Bytes JMP 000E0FEF
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 00300F52
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 00300F6D
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 003000D8
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 00300F41
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 0030007D
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 0030002F
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 0030006C
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 0030005B
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 00300F88
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 00300FB9
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 00300040
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 00300098
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 00300F26
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 00300FDE
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 00300FEF
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 0030001E
.text C:\Windows\system32\svchost.exe[2100] kernel32.dll!WinExec 7789580B 5 Bytes JMP 003000BD
.text C:\Windows\system32\svchost.exe[2100] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 00310058
.text C:\Windows\system32\svchost.exe[2100] msvcrt.dll!system 77938B63 5 Bytes JMP 00310047
.text C:\Windows\system32\svchost.exe[2100] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[2100] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 00310FEF
.text C:\Windows\system32\svchost.exe[2100] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 00310022
.text C:\Windows\system32\svchost.exe[2100] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 00320054
.text C:\Windows\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 00320039
.text C:\Windows\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 00320FB2
.text C:\Windows\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 00320FA1
.text C:\Windows\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 00320FC3
.text C:\Windows\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 00320FD4
.text C:\Windows\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 0032001E
.text C:\Windows\system32\svchost.exe[2100] WS2_32.dll!socket 777036D1 5 Bytes JMP 00290FEF
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 00010F2B
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 00010F46
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 00010096
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 00010EFF
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 00010F72
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 00010FB2
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 0001004C
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 00010F8D
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 00010067
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 0001002F
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 00010014
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 00010F57
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 000100A7
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 00010FDE
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 00010FEF
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 00010FCD
.text C:\Windows\System32\svchost.exe[2620] kernel32.dll!WinExec 7789580B 5 Bytes JMP 00010F1A
.text C:\Windows\System32\svchost.exe[2620] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 0009002F
.text C:\Windows\System32\svchost.exe[2620] msvcrt.dll!system 77938B63 5 Bytes JMP 00090FA4
.text C:\Windows\System32\svchost.exe[2620] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 00090FC6
.text C:\Windows\System32\svchost.exe[2620] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 00090000
.text C:\Windows\System32\svchost.exe[2620] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 00090FB5
.text C:\Windows\System32\svchost.exe[2620] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 00090FD7
.text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 000A0062
.text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 000A0FCA
.text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 000A000A
.text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 000A0051
.text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 000A007D
.text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 000A0FE5
.text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 000A001B
.text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 000A0036
.text C:\Windows\System32\svchost.exe[2620] WS2_32.dll!socket 777036D1 5 Bytes JMP 00D00FE5
.text C:\Windows\explorer.exe[3992] kernel32.dll!GetStartupInfoW 77801929 5 Bytes JMP 000100DA
.text C:\Windows\explorer.exe[3992] kernel32.dll!GetStartupInfoA 778019C9 5 Bytes JMP 000100BF
.text C:\Windows\explorer.exe[3992] kernel32.dll!CreateProcessW 77801C01 5 Bytes JMP 000100F5
.text C:\Windows\explorer.exe[3992] kernel32.dll!CreateProcessA 77801C36 5 Bytes JMP 00010F5E
.text C:\Windows\explorer.exe[3992] kernel32.dll!VirtualProtect 77801DD1 5 Bytes JMP 00010FB9
.text C:\Windows\explorer.exe[3992] kernel32.dll!CreateNamedPipeW 77805C44 5 Bytes JMP 00010FDE
.text C:\Windows\explorer.exe[3992] kernel32.dll!LoadLibraryExW 7782374A 5 Bytes JMP 00010093
.text C:\Windows\explorer.exe[3992] kernel32.dll!LoadLibraryW 7782382D 5 Bytes JMP 0001005B
.text C:\Windows\explorer.exe[3992] kernel32.dll!VirtualProtectEx 77828F5E 5 Bytes JMP 000100AE
.text C:\Windows\explorer.exe[3992] kernel32.dll!LoadLibraryExA 77829649 5 Bytes JMP 00010076
.text C:\Windows\explorer.exe[3992] kernel32.dll!LoadLibraryA 77829671 5 Bytes JMP 00010040
.text C:\Windows\explorer.exe[3992] kernel32.dll!CreatePipe 77830474 5 Bytes JMP 00010F9E
.text C:\Windows\explorer.exe[3992] kernel32.dll!GetProcAddress 7784BAC6 5 Bytes JMP 00010F43
.text C:\Windows\explorer.exe[3992] kernel32.dll!CreateFileW 7784CE4E 5 Bytes JMP 0001000A
.text C:\Windows\explorer.exe[3992] kernel32.dll!CreateFileA 7784D171 5 Bytes JMP 00010FEF
.text C:\Windows\explorer.exe[3992] kernel32.dll!CreateNamedPipeA 7789462E 5 Bytes JMP 00010025
.text C:\Windows\explorer.exe[3992] kernel32.dll!WinExec 7789580B 5 Bytes JMP 00010F79
.text C:\Windows\explorer.exe[3992] ADVAPI32.dll!RegCreateKeyExA 77B3B5E7 5 Bytes JMP 00050FA8
.text C:\Windows\explorer.exe[3992] ADVAPI32.dll!RegCreateKeyA 77B3B8AE 5 Bytes JMP 00050FC3
.text C:\Windows\explorer.exe[3992] ADVAPI32.dll!RegOpenKeyA 77B40BF5 5 Bytes JMP 00050FEF
.text C:\Windows\explorer.exe[3992] ADVAPI32.dll!RegCreateKeyW 77B4B83D 5 Bytes JMP 0005004A
.text C:\Windows\explorer.exe[3992] ADVAPI32.dll!RegCreateKeyExW 77B4BCE1 5 Bytes JMP 00050065
.text C:\Windows\explorer.exe[3992] ADVAPI32.dll!RegOpenKeyExA 77B4D4E8 5 Bytes JMP 00050025
.text C:\Windows\explorer.exe[3992] ADVAPI32.dll!RegOpenKeyW 77B53CB0 5 Bytes JMP 0005000A
.text C:\Windows\explorer.exe[3992] ADVAPI32.dll!RegOpenKeyExW 77B5F09D 5 Bytes JMP 00050FD4
.text C:\Windows\explorer.exe[3992] msvcrt.dll!_wsystem 77938A47 5 Bytes JMP 00060F84
.text C:\Windows\explorer.exe[3992] msvcrt.dll!system 77938B63 5 Bytes JMP 00060F95
.text C:\Windows\explorer.exe[3992] msvcrt.dll!_creat 7793C6F1 5 Bytes JMP 00060FC1
.text C:\Windows\explorer.exe[3992] msvcrt.dll!_open 7793DA7E 5 Bytes JMP 00060FEF
.text C:\Windows\explorer.exe[3992] msvcrt.dll!_wcreat 7793DC9E 5 Bytes JMP 00060FA6
.text C:\Windows\explorer.exe[3992] msvcrt.dll!_wopen 7793DE79 5 Bytes JMP 00060FD2
.text C:\Windows\explorer.exe[3992] WS2_32.dll!socket 777036D1 5 Bytes JMP 024E0000
.text C:\Windows\explorer.exe[3992] WININET.dll!InternetOpenA 777503DD 5 Bytes JMP 02530000
.text C:\Windows\explorer.exe[3992] WININET.dll!InternetOpenUrlA 777520A3 5 Bytes JMP 02530022
.text C:\Windows\explorer.exe[3992] WININET.dll!InternetOpenW 77752A58 5 Bytes JMP 02530011
.text C:\Windows\explorer.exe[3992] WININET.dll!InternetOpenUrlW 7779AF69 5 Bytes JMP 02530FD1

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\iaStor \Device\Ide\iaStor0 867DCF16
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 867DCF16
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 867DCF16

AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:244] 867DF0B3
Thread System [4:252] 867DF923
Thread System [4:256] 867E07FB

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 0 bytes

---- EOF - GMER 1.0.15 ----

OTL.txt:
OTL logfile created on: 23/10/2011 15:37:46 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eSteve\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 54.84% Memory free
5.96 Gb Paging File | 4.80 Gb Available in Paging File | 80.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 81.35 Gb Free Space | 69.95% Space Free | Partition Type: NTFS
Drive D: | 115.13 Gb Total Space | 57.64 Gb Free Space | 50.07% Space Free | Partition Type: NTFS
Drive F: | 991.22 Mb Total Space | 990.28 Mb Free Space | 99.91% Space Free | Partition Type: FAT

Computer Name: ESTEVE-PC | User Name: eSteve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 17:18:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\eSteve\Desktop\OTL.exe
PRC - [2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\eSteve\Desktop\gmer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/02/06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/08/24 04:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/08/15 23:15:22 | 000,746,832 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/04 03:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/08/03 22:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/25 01:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/22 20:15:18 | 002,376,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/07/13 07:14:56 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\eSteve\Desktop\gmer.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/10/13 15:27:21 | 002,151,640 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/08/24 04:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/08/04 03:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/07/25 02:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/25 01:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/22 20:15:18 | 002,376,992 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2008/07/18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/05/19 19:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 21:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/24 12:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 07:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 09:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 09:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 09:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 09:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSEA&bmod=TSEA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-373376315-115607217-4222124936-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-373376315-115607217-4222124936-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-373376315-115607217-4222124936-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-373376315-115607217-4222124936-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-373376315-115607217-4222124936-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-373376315-115607217-4222124936-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-373376315-115607217-4222124936-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Unattend0000000001{5198FF2F-06A9-461D-8850-6327576C3989}] C:\Toshiba\Preinst\postoobe.cmd ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/23 15:36:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\eSteve\Desktop\OTL.exe
[2011/10/23 03:10:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/10/14 12:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/14 12:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/14 12:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/14 12:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/10/14 12:05:40 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/14 12:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/14 12:04:49 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\eSteve\Desktop\spybotsd162.exe
[2011/10/13 17:22:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/10/13 17:16:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/10/13 17:16:07 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/10/13 17:16:07 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/10/13 17:16:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/10/13 17:16:01 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/10/13 17:16:01 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/10/13 17:15:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/10/13 17:15:53 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/10/13 17:15:53 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/10/13 17:15:52 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/10/13 17:15:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/10/13 17:15:29 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/10/13 17:15:28 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/10/13 17:15:28 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/10/13 17:15:28 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/10/13 17:15:28 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/10/13 17:02:49 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/10/13 17:02:40 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/10/13 16:46:24 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/10/13 16:33:46 | 000,604,520 | ---- | C] (Google Inc.) -- C:\Users\eSteve\Desktop\ChromeSetup.exe
[2011/10/13 16:28:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/10/13 16:28:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/10/13 16:28:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/10/13 16:28:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011/10/13 16:28:19 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011/10/13 16:21:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/10/13 15:45:08 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Local\Google
[2011/10/13 15:41:23 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/10/13 15:27:32 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/10/13 15:25:48 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/13 15:24:00 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/10/13 15:24:00 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/10/13 15:22:52 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/10/13 15:22:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/10/13 13:41:34 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Roaming\Malwarebytes
[2011/10/13 13:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/13 13:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/13 13:41:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/13 13:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/13 12:37:31 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/10/13 12:37:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/10/13 12:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/10/13 12:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/10/13 12:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/10/13 12:36:20 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Searches
[2011/10/13 12:36:20 | 000,000,000 | R--D | C] -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/10/13 12:36:07 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Roaming\Identities
[2011/10/13 12:35:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/13 12:34:48 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Contacts
[2011/10/13 12:19:05 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Local\VirtualStore
[2011/10/13 12:19:02 | 000,000,000 | R--D | C] -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/10/13 12:19:02 | 000,000,000 | R--D | C] -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/10/13 12:19:02 | 000,000,000 | R--D | C] -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\AppData\Local\Temporary Internet Files
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Templates
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Start Menu
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\SendTo
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Recent
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\PrintHood
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\NetHood
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Documents\My Videos
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Documents\My Pictures
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Documents\My Music
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\My Documents
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Local Settings
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\AppData\Local\History
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Cookies
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\Application Data
[2011/10/13 12:19:02 | 000,000,000 | -HSD | C] -- C:\Users\eSteve\AppData\Local\Application Data
[2011/10/13 12:19:02 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Local\Temp
[2011/10/13 12:19:02 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Local\Microsoft
[2011/10/13 12:19:02 | 000,000,000 | ---D | C] -- C:\Users\eSteve\AppData\Roaming\Media Center Programs
[2011/10/13 12:19:01 | 000,000,000 | --SD | C] -- C:\Users\eSteve\AppData\Roaming\Microsoft
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Videos
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Saved Games
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Pictures
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Music
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Links
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Favorites
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Downloads
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Documents
[2011/10/13 12:19:01 | 000,000,000 | R--D | C] -- C:\Users\eSteve\Desktop
[2011/10/13 12:19:01 | 000,000,000 | -H-D | C] -- C:\Users\eSteve\AppData
[2011/10/13 11:48:42 | 000,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2011/10/13 11:48:42 | 000,376,832 | ---- | C] (Atheros) -- C:\Windows\System32\S64CPA.exe
[2011/10/13 11:48:42 | 000,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2011/10/13 11:48:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2011/10/13 11:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/10/13 11:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/10/13 11:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/10/13 11:47:22 | 000,279,376 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\tos_sps32.sys
[2011/10/13 11:47:17 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/10/13 11:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Toshiba Shared
[2011/10/13 11:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA DVD PLAYER
[2011/10/13 11:46:31 | 000,491,520 | ---- | C] (Toshiba Corporation) -- C:\Windows\System32\cselect.exe
[2011/10/13 11:46:31 | 000,106,496 | ---- | C] (Toshiba) -- C:\Windows\System32\tosmreg.exe
[2011/10/13 11:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting
[2011/10/13 11:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2011/10/13 11:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/10/13 11:40:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/10/13 11:40:25 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2011/10/13 11:40:23 | 006,037,504 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/10/13 11:40:23 | 002,168,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2011/10/13 11:40:23 | 001,196,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2011/10/13 11:40:23 | 000,694,272 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2011/10/13 11:40:23 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2011/10/13 11:40:23 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011/10/13 11:40:23 | 000,285,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2011/10/13 11:40:23 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2011/10/13 11:40:23 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2011/10/13 11:40:23 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011/10/13 11:40:23 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\maxxaudioapo.dll
[2011/10/13 11:40:23 | 000,031,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2011/10/13 11:40:22 | 000,140,288 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2011/10/13 11:40:21 | 000,520,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011/10/13 11:40:21 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/10/13 11:39:42 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2011/10/13 11:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011/10/13 11:39:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\ENU
[2011/10/13 11:39:29 | 001,034,776 | ---- | C] (Intel Corporation) -- C:\Windows\System32\imsmudlg.exe
[2011/10/13 11:39:29 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2011/10/13 11:39:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/10/13 11:37:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/10/13 11:32:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/23 15:41:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/23 15:34:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/23 15:34:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/23 14:06:44 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/23 14:06:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/23 03:17:21 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/23 03:17:21 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/23 03:10:44 | 460,912,627 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/23 03:09:32 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/22 23:33:19 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/22 23:33:19 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/22 17:18:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\eSteve\Desktop\OTL.exe
[2011/10/14 15:29:04 | 000,007,615 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/10/14 12:27:50 | 000,002,525 | ---- | M] () -- C:\Users\eSteve\Desktop\HiJackThis.lnk
[2011/10/14 12:22:08 | 000,001,084 | ---- | M] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/14 12:22:08 | 000,001,060 | ---- | M] () -- C:\Users\eSteve\Desktop\Spybot - Search & Destroy.lnk
[2011/10/14 12:07:25 | 000,001,537 | ---- | M] () -- C:\Users\eSteve\Desktop\Windows Explorer.lnk
[2011/10/14 12:07:23 | 000,001,537 | ---- | M] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/10/14 11:55:20 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\eSteve\Desktop\spybotsd162.exe
[2011/10/14 11:54:48 | 001,402,880 | ---- | M] () -- C:\Users\eSteve\Desktop\HijackThis.msi
[2011/10/13 16:56:32 | 000,321,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/13 15:43:50 | 000,604,520 | ---- | M] (Google Inc.) -- C:\Users\eSteve\Desktop\ChromeSetup.exe
[2011/10/13 15:27:31 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/10/13 15:25:48 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/13 13:41:24 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 12:39:18 | 000,000,948 | ---- | M] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/13 12:37:34 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/13 11:58:37 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/10/13 11:47:56 | 000,016,076 | ---- | M] () -- C:\Windows\System32\results.xml
[2011/10/13 11:45:06 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L300_08541-EN_PSLB8E-05V00.MRK
[2011/10/13 11:40:26 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2011/10/13 11:40:21 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/10/13 11:35:29 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011/10/13 11:35:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/23 03:10:07 | 460,912,627 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/22 23:33:19 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/10/22 23:33:19 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/10/14 12:36:58 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/14 12:36:57 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/14 12:22:08 | 000,001,084 | ---- | C] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/14 12:22:08 | 000,001,060 | ---- | C] () -- C:\Users\eSteve\Desktop\Spybot - Search & Destroy.lnk
[2011/10/14 12:07:25 | 000,001,537 | ---- | C] () -- C:\Users\eSteve\Desktop\Windows Explorer.lnk
[2011/10/14 12:07:23 | 000,001,537 | ---- | C] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/10/14 12:05:40 | 000,002,525 | ---- | C] () -- C:\Users\eSteve\Desktop\HiJackThis.lnk
[2011/10/14 12:04:44 | 001,402,880 | ---- | C] () -- C:\Users\eSteve\Desktop\HijackThis.msi
[2011/10/14 12:02:43 | 3082,809,344 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/13 17:15:39 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/10/13 17:15:39 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/10/13 17:15:37 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/10/13 13:41:24 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 12:39:18 | 000,000,948 | ---- | C] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/13 12:37:34 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/13 12:36:24 | 000,000,954 | ---- | C] () -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/13 12:36:17 | 000,000,949 | ---- | C] () -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/13 12:36:03 | 000,000,920 | ---- | C] () -- C:\Users\eSteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/10/13 12:19:02 | 000,000,258 | ---- | C] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/13 12:19:02 | 000,000,240 | ---- | C] () -- C:\Users\eSteve\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/10/13 11:47:56 | 000,016,076 | ---- | C] () -- C:\Windows\System32\results.xml
[2011/10/13 11:46:31 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2011/10/13 11:46:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2011/10/13 11:46:31 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2011/10/13 11:46:31 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2011/10/13 11:45:06 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L300_08541-EN_PSLB8E-05V00.MRK
[2011/10/13 11:40:48 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2008/08/07 17:37:59 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/07 17:37:59 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/07 17:37:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/07 17:37:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/07 17:37:59 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/07 17:37:59 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/07 17:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/07 17:15:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/08/07 17:15:10 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/08/07 17:15:08 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/08/07 17:15:07 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/08/07 16:31:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/21 03:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,321,824 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,600,378 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,105,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

< End of report >

Extras:
OTL Extras logfile created on: 23/10/2011 15:37:46 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eSteve\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 54.84% Memory free
5.96 Gb Paging File | 4.80 Gb Available in Paging File | 80.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 81.35 Gb Free Space | 69.95% Space Free | Partition Type: NTFS
Drive D: | 115.13 Gb Total Space | 57.64 Gb Free Space | 50.07% Space Free | Partition Type: NTFS
Drive F: | 991.22 Mb Total Space | 990.28 Mb Free Space | 99.91% Space Free | Partition Type: FAT

Computer Name: ESTEVE-PC | User Name: eSteve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{43597A08-21ED-471C-AE18-6998A0F6D651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FD7CF080-EB00-4B64-BB6E-264A649DAD5F}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"myphotobook" = myphotobook 3.6
"Picasa2" = Picasa 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/10/2011 07:29:18 | Computer Name = eSteve-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/10/2011 07:34:44 | Computer Name = eSteve-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0139fbfe, process id 0xca4, application start time
0x01cc899c1a419445.

Error - 13/10/2011 07:37:35 | Computer Name = eSteve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 13/10/2011 07:37:35 | Computer Name = eSteve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 13/10/2011 08:42:34 | Computer Name = eSteve-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc000001e, fault offset 0x0119fdd8, process id 0x15ac, application start time
0x01cc89a59489e005.

Error - 13/10/2011 10:21:18 | Computer Name = eSteve-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module SHLWAPI.dll, version 6.0.6001.18000, time stamp 0x4791a75c,
exception code 0xc0000005, fault offset 0x00015513, process id 0xef4, application
start time 0x01cc89b35f3233e5.

Error - 13/10/2011 10:25:51 | Computer Name = eSteve-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6001.18000, time stamp
0x47918e5d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0687fe2d, process id 0x53c, application start time
0x01cc899c4441b725.

Error - 13/10/2011 11:13:26 | Computer Name = eSteve-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18000, time stamp
0x47918e5d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000096, fault offset 0x021cfd55, process id 0xc80, application start time
0x01cc89baa4890374.

Error - 13/10/2011 11:14:17 | Computer Name = eSteve-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/10/2011 11:19:37 | Computer Name = eSteve-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6001.18000, time stamp
0x47918e5d, faulting module swg.dll_unloaded, version 0.0.0.0, time stamp 0x4804fa6a,
exception code 0xc0000005, fault offset 0x0569fbfc, process id 0xbf4, application
start time 0x01cc89bb0ffce314.

[ System Events ]
Error - 14/10/2011 09:16:57 | Computer Name = eSteve-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14/10/2011 09:16:57 | Computer Name = eSteve-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14/10/2011 09:16:57 | Computer Name = eSteve-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14/10/2011 09:16:57 | Computer Name = eSteve-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14/10/2011 09:16:57 | Computer Name = eSteve-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14/10/2011 09:16:57 | Computer Name = eSteve-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14/10/2011 09:16:57 | Computer Name = eSteve-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14/10/2011 09:16:57 | Computer Name = eSteve-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14/10/2011 09:16:57 | Computer Name = eSteve-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 22/10/2011 18:31:37 | Computer Name = eSteve-PC | Source = HTTP | ID = 15016
Description =


< End of report >


Symptoms are: Windows Explorer crashes on startup, programs won't install, Windows Update cannot complete.

Let me know what to do next. Thanks! -Kieran
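The OTL entries in the log above have a fixed layout, so the checks a helper does by eye (created executables with no CompanyName under C:\Windows, hidden+system files outside the expected set, Shell Spawning commands that deviate from the stock ones) can be scripted. The following is an added example, not from the thread and not part of OTL: SHELL_DEFAULTS holds the stock Vista values (which the posted log matches), HS_ALLOWLIST is an assumed set of expected hidden+system paths, and the exefile line in the sample is a constructed deviation, not something the posted log shows.

```python
"""Triage helpers for OTL 'Files Created/Modified' and 'Shell Spawning' lines.
Added example, not from the thread and not part of OTL."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# [YYYY/MM/DD hh:mm:ss | size | attrs | C|M] (Company) -- path ; (Company) is absent for directories
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# progid [verb] -- command (Company)
SHELL_RE = re.compile(r"^(?P<progid>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.+?)(?: \([^)]*\))?$")

# Stock Vista commands for the verbs most often hijacked; the posted log matches all of them.
SHELL_DEFAULTS = {
    ("exefile", "open"): '"%1" %*', ("comfile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*', ("cmdfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*', ("scrfile", "open"): '"%1" /S',
}
EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".cpl", ".scr")
# Assumed set of hidden+system paths expected on any Vista install (lower-case for comparison).
HS_ALLOWLIST = {r"c:\hiberfil.sys", r"c:\pagefile.sys", r"c:\system volume information"}


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str              # R/H/S/D flags as OTL prints them, e.g. "-HS-"
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None = no version info shown (directories); "" = empty CompanyName
    path: str


def parse_entries(log: str) -> List[FileEntry]:
    """Every file entry in the log; headers, blanks and the '*.tmp files' summary are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        company = m.group("company")
        entries.append(FileEntry(
            timestamp=m.group("ts"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=None if company is None else company.strip(),
            path=m.group("path"),
        ))
    return entries


def no_company_system_binaries(entries: List[FileEntry]) -> List[str]:
    """Executables created under C:\\Windows with no CompanyName in their version info.
    OEM files (Toshiba, Intel) land here too, so this is a review list, not a verdict."""
    return sorted(e.path for e in entries
                  if e.kind == "C" and e.company == ""
                  and e.path.lower().startswith("c:\\windows\\")
                  and e.path.lower().endswith(EXECUTABLE_EXTS))


def hidden_system_outside_allowlist(entries: List[FileEntry]) -> List[str]:
    """Hidden+system files beyond the expected set; rootkit components often carry these flags."""
    return sorted(e.path for e in entries
                  if "H" in e.attrs and "S" in e.attrs and e.path.lower() not in HS_ALLOWLIST)


def shell_spawning_deviations(log: str) -> List[Tuple[Tuple[str, str], str]]:
    """Shell Spawning commands that differ from the stock value for that progid/verb."""
    out = []
    for line in log.splitlines():
        m = SHELL_RE.match(line.strip())
        if m:
            key = (m.group("progid"), m.group("verb"))
            if key in SHELL_DEFAULTS and m.group("cmd") != SHELL_DEFAULTS[key]:
                out.append((key, m.group("cmd")))
    return out


# Constructed sample: lines from the posted log plus one made-up exefile hijack to exercise the check.
SAMPLE_LOG = r"""
========== Files Created - Within 30 Days ==========
[2011/10/13 12:19:01 | 000,000,000 | -H-D | C] -- C:\Users\eSteve\AppData
[2011/10/13 11:48:42 | 000,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2011/10/13 11:32:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/10/14 12:02:43 | 3082,809,344 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/13 11:46:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/08/07 17:15:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2011/10/13 11:45:06 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L300_08541-EN_PSLB8E-05V00.MRK
[2011/10/14 11:55:20 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\eSteve\Desktop\spybotsd162.exe
========== Shell Spawning ==========
batfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "C:\ProgramData\example_hijack.exe" "%1" %*
scrfile [open] -- "%1" /S
"""
```

Running the three functions over a full OTL report gives a short review list; on the posted log the Shell Spawning check comes back empty, which is consistent with the helper's diagnosis resting on other evidence.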

#4
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Good Evening Kieran!

It looks like you're infected with a TDL infection.

Please yield this warning:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Please run this tool:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#5
kdokeeffe
    Member
  • Topic Starter
  • Member
  • 41 posts
Hi, sounds bad. Still, I'd like to continue trying to fix the issue. :-)

What risk do I run of infecting another machine by retrieving some files and folders off the affected machine? i.e. passing a USB key between the two machines.

When I ran ComboFix I did not get a report generated: Windows Data Execution Prevention prevented NirCmd and iexplore.exe from running. This stopped ComboFix from completing successfully.

Let me know how to go from here!

#6
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Hi!

Okay, that's fine.

What risk do I run of infecting another machine by retrieving some files and folders off the affected machine? i.e. passing a USB key between the two machines.

It really depends on whether or not the files you retrieve are infected. I'd make sure that you scan the USB device that contains the files/folders that you want to back up before you transfer them onto the infected computer.

Can you try running ComboFix again and see if it will run for you, and if it doesn't attempt to run it in Safe Mode?

Entering Safe Mode

  • Restart your computer.
  • As the computer starts to boot up, tap the F8 key repeatedly.
  • This will bring up a menu.
  • Use the Up and Down Arrow keys to scroll to Safe Mode.
  • Then press the Enter key on your keyboard.
  • Go into your usual account.


#7
kdokeeffe
    Member
  • Topic Starter
  • Member
  • 41 posts
Hi, I ran it again and it worked. I just ignored all the messages, and ComboFix ran in the end and produced the following log:


ComboFix 11-10-24.05 - eSteve 26/10/2011 13:10:29.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.2939.1944 [GMT 1:00]
Running from: c:\users\eSteve\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))
.
.
2011-10-26 12:38 . 2011-10-26 12:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-26 11:58 . 2011-10-26 11:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3422609F-DB34-49A9-B4FB-883597F51FB3}\offreg.dll
2011-10-14 11:42 . 2011-09-21 08:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3422609F-DB34-49A9-B4FB-883597F51FB3}\mpengine.dll
2011-10-14 11:22 . 2011-10-14 11:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-14 11:22 . 2011-10-14 11:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-14 11:05 . 2011-10-14 11:05 -------- d-----w- c:\program files\Trend Micro
2011-10-13 16:16 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-10-13 16:16 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-10-13 16:16 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-10-13 16:16 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-10-13 16:16 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-10-13 16:16 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-10-13 16:13 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-10-13 16:13 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-10-13 16:13 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2011-10-13 16:13 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-10-13 16:13 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-10-13 16:13 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-10-13 16:13 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-10-13 16:13 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-10-13 16:13 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-10-13 16:13 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-10-13 16:05 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2011-10-13 16:04 . 2008-06-23 01:59 2868736 ----a-w- c:\windows\system32\mf.dll
2011-10-13 16:04 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-10-13 16:04 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2011-10-13 16:02 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-13 16:02 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2011-10-13 16:02 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2011-10-13 16:02 . 2008-05-08 19:21 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-13 16:02 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2011-10-13 16:02 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2011-10-13 16:02 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-10-13 16:02 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-10-13 16:02 . 2009-09-10 15:21 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-10-13 16:02 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-10-13 16:02 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2011-10-13 15:53 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll
2011-10-13 15:51 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-10-13 15:51 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-10-13 15:46 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-10-13 15:46 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-10-13 15:45 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-10-13 15:45 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2011-10-13 15:43 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2011-10-13 15:43 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2011-10-13 15:28 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-10-13 15:28 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-10-13 15:28 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-10-13 15:28 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-10-13 15:28 . 2009-07-14 10:59 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2011-10-13 15:28 . 2009-07-14 10:58 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2011-10-13 15:28 . 2009-07-14 08:30 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-10-13 15:28 . 2009-07-14 08:30 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-10-13 15:21 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-13 14:41 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-13 14:40 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-10-13 14:38 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2011-10-13 14:27 . 2011-10-13 14:27 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-13 14:25 . 2011-10-13 14:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-13 14:24 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-10-13 14:24 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-10-13 14:24 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-10-13 14:24 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-10-13 14:22 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-10-13 14:22 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-10-13 12:41 . 2011-10-13 12:41 -------- d-----w- c:\programdata\Malwarebytes
2011-10-13 12:41 . 2011-10-13 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-13 12:41 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-13 11:37 . 2011-10-25 11:50 -------- dc----w- c:\windows\system32\DRVSTORE
2011-10-13 11:37 . 2011-10-25 11:50 -------- d-----w- c:\programdata\Lavasoft
2011-10-13 11:19 . 2011-10-13 11:36 -------- d-----w- c:\users\eSteve
2011-10-13 10:48 . 2011-10-13 10:48 -------- d-----w- c:\windows\system32\nn-NO
2011-10-13 10:48 . 2008-04-29 01:37 376832 ----a-w- c:\windows\system32\S64CPA.exe
2011-10-13 10:48 . 2008-04-29 01:37 53248 ----a-w- c:\windows\system32\athihvui.dll
2011-10-13 10:48 . 2008-04-29 01:37 393216 ----a-w- c:\windows\system32\athihvs.dll
2011-10-13 10:48 . 2011-10-13 10:48 -------- d-----w- c:\program files\Atheros
2011-10-13 10:48 . 2011-10-13 10:48 -------- d-----w- c:\program files\Cisco
2011-10-13 10:48 . 2011-10-13 10:48 -------- d-----w- c:\programdata\Atheros
2011-10-13 10:47 . 2008-07-18 17:52 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2011-10-13 10:47 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-10-13 10:47 . 2011-10-13 10:47 -------- d-----w- c:\program files\Common Files\Toshiba Shared
2011-10-13 10:46 . 2008-06-16 15:07 106496 ----a-w- c:\windows\system32\tosmreg.exe
2011-10-13 10:46 . 2007-11-27 12:31 491520 ----a-w- c:\windows\system32\cselect.exe
2011-10-13 10:46 . 2003-10-30 15:59 45056 ----a-w- c:\windows\system32\csellang.dll
2011-10-13 10:46 . 2011-10-13 10:46 -------- d-----w- c:\program files\NetWaiting
2011-10-13 10:45 . 2011-10-13 10:45 -------- d-----w- c:\program files\CONEXANT
2011-10-13 10:39 . 2008-06-25 13:05 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-10-13 10:39 . 2011-10-13 10:39 -------- d-----w- c:\windows\system32\ENU
2011-10-13 10:39 . 2011-10-13 10:39 -------- d-----w- c:\windows\system32\Lang
2011-10-13 10:39 . 2008-05-02 16:53 1034776 ----a-w- c:\windows\system32\imsmudlg.exe
2011-10-13 10:39 . 2006-11-10 07:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-10-13 10:39 . 2008-04-15 16:53 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( [email protected]_11.30.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2011-10-26 12:01 27066 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2011-10-26 12:01 69552 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2011-10-13 11:19 . 2011-10-26 10:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-13 11:19 . 2011-10-26 11:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-13 11:19 . 2011-10-26 11:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-13 11:19 . 2011-10-26 10:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-13 11:19 . 2011-10-26 11:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-13 11:19 . 2011-10-26 10:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-13 11:20 . 2011-10-26 12:01 2734 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-373376315-115607217-4222124936-1000_UserData.bin
+ 2011-10-26 11:58 . 2011-10-26 11:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-26 10:35 . 2011-10-26 10:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-26 10:35 . 2011-10-26 10:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-26 11:58 . 2011-10-26 11:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2011-10-26 12:23 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2011-10-26 10:51 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2011-10-26 10:51 105852 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2011-10-26 12:23 105852 c:\windows\System32\perfc009.dat
+ 2011-10-13 11:26 . 2011-10-26 11:50 358024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-10-13 11:26 . 2011-10-26 10:34 358024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Unattend0000000001{5198FF2F-06A9-461D-8850-6327576C3989}"="c:\toshiba\Preinst\postoobe.cmd" [2008-07-02 2476]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2008-01-21 217088]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-14 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-14 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-14 11:36]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-14 11:36]
.
2011-10-13 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-07 14:10]
.
2011-10-13 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-07 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-26 13:39
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#??
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-26 13:53:30
ComboFix-quarantined-files.txt 2011-10-26 12:53
ComboFix2.txt 2011-10-26 11:45
.
Pre-Run: 82,041,585,664 bytes free
Post-Run: 82,013,933,568 bytes free
.
- - End Of File - - 327FB8A8AFB030CCB91217EBB1DEABC4

Edited by kdokeeffe, 26 October 2011 - 09:00 AM.

#8
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Okay. It looks like you have another log from ComboFix on your computer. I'd like to take a look at that. Please retrieve that log using these instructions below:


Locating ComboFix Log
  • Right click on START on the left end of your Windows toolbar (lower left corner of your screen)
  • Click on Explore
  • Click on Local Disk (C:) in the left-hand window pane
  • Click on Qoobox in the left-hand window pane
  • Look for ComboFix2.txt in the right-hand window pane and right click on it
  • Put your cursor (arrow) on Open With
  • Move your cursor to the new menu that opens and click on Choose Program...
  • Click on Notepad

When the file opens, copy/paste the text here.

#9
kdokeeffe

    Member

  • Topic Starter
  • Member
  • 41 posts
Hi, I think this is it -


ComboFix 11-10-24.05 - eSteve 26/10/2011 12:00:11.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.2939.2081 [GMT 1:00]
Running from: c:\users\eSteve\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))
.
.
2011-10-26 11:27 . 2011-10-26 11:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-26 10:35 . 2011-10-26 10:46 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3422609F-DB34-49A9-B4FB-883597F51FB3}\offreg.dll
2011-10-14 11:42 . 2011-09-21 08:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3422609F-DB34-49A9-B4FB-883597F51FB3}\mpengine.dll
2011-10-14 11:22 . 2011-10-14 11:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-14 11:22 . 2011-10-14 11:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-14 11:05 . 2011-10-14 11:05 -------- d-----w- c:\program files\Trend Micro
2011-10-13 16:16 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-10-13 16:16 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-10-13 16:16 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-10-13 16:16 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-10-13 16:16 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-10-13 16:16 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-10-13 16:13 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-10-13 16:13 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-10-13 16:13 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2011-10-13 16:13 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-10-13 16:13 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-10-13 16:13 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-10-13 16:13 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-10-13 16:13 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-10-13 16:13 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-10-13 16:13 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-10-13 16:05 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2011-10-13 16:04 . 2008-06-23 01:59 2868736 ----a-w- c:\windows\system32\mf.dll
2011-10-13 16:04 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-10-13 16:04 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2011-10-13 16:02 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-13 16:02 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2011-10-13 16:02 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2011-10-13 16:02 . 2008-05-08 19:21 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-13 16:02 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2011-10-13 16:02 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2011-10-13 16:02 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-10-13 16:02 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-10-13 16:02 . 2009-09-10 15:21 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-10-13 16:02 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-10-13 16:02 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2011-10-13 15:53 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll
2011-10-13 15:51 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-10-13 15:51 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-10-13 15:46 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-10-13 15:46 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-10-13 15:45 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-10-13 15:45 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2011-10-13 15:43 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2011-10-13 15:43 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2011-10-13 15:28 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-10-13 15:28 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-10-13 15:28 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-10-13 15:28 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-10-13 15:28 . 2009-07-14 10:59 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2011-10-13 15:28 . 2009-07-14 10:58 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2011-10-13 15:28 . 2009-07-14 08:30 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-10-13 15:28 . 2009-07-14 08:30 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-10-13 15:21 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-13 14:41 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-13 14:40 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-10-13 14:38 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2011-10-13 14:27 . 2011-10-13 14:27 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-13 14:25 . 2011-10-13 14:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-13 14:24 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-10-13 14:24 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-10-13 14:24 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-10-13 14:24 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-10-13 14:22 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-10-13 14:22 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-10-13 12:41 . 2011-10-13 12:41 -------- d-----w- c:\programdata\Malwarebytes
2011-10-13 12:41 . 2011-10-13 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-13 12:41 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-13 11:37 . 2011-10-25 11:50 -------- dc----w- c:\windows\system32\DRVSTORE
2011-10-13 11:37 . 2011-10-25 11:50 -------- d-----w- c:\programdata\Lavasoft
2011-10-13 11:19 . 2011-10-13 11:36 -------- d-----w- c:\users\eSteve
2011-10-13 10:48 . 2011-10-13 10:48 -------- d-----w- c:\windows\system32\nn-NO
2011-10-13 10:48 . 2008-04-29 01:37 376832 ----a-w- c:\windows\system32\S64CPA.exe
2011-10-13 10:48 . 2008-04-29 01:37 53248 ----a-w- c:\windows\system32\athihvui.dll
2011-10-13 10:48 . 2008-04-29 01:37 393216 ----a-w- c:\windows\system32\athihvs.dll
2011-10-13 10:48 . 2011-10-13 10:48 -------- d-----w- c:\program files\Atheros
2011-10-13 10:48 . 2011-10-13 10:48 -------- d-----w- c:\program files\Cisco
2011-10-13 10:48 . 2011-10-13 10:48 -------- d-----w- c:\programdata\Atheros
2011-10-13 10:47 . 2008-07-18 17:52 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2011-10-13 10:47 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-10-13 10:47 . 2011-10-13 10:47 -------- d-----w- c:\program files\Common Files\Toshiba Shared
2011-10-13 10:46 . 2008-06-16 15:07 106496 ----a-w- c:\windows\system32\tosmreg.exe
2011-10-13 10:46 . 2007-11-27 12:31 491520 ----a-w- c:\windows\system32\cselect.exe
2011-10-13 10:46 . 2003-10-30 15:59 45056 ----a-w- c:\windows\system32\csellang.dll
2011-10-13 10:46 . 2011-10-13 10:46 -------- d-----w- c:\program files\NetWaiting
2011-10-13 10:45 . 2011-10-13 10:45 -------- d-----w- c:\program files\CONEXANT
2011-10-13 10:39 . 2008-06-25 13:05 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-10-13 10:39 . 2011-10-13 10:39 -------- d-----w- c:\windows\system32\ENU
2011-10-13 10:39 . 2011-10-13 10:39 -------- d-----w- c:\windows\system32\Lang
2011-10-13 10:39 . 2008-05-02 16:53 1034776 ----a-w- c:\windows\system32\imsmudlg.exe
2011-10-13 10:39 . 2006-11-10 07:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-10-13 10:39 . 2008-04-15 16:53 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Unattend0000000001{5198FF2F-06A9-461D-8850-6327576C3989}"="c:\toshiba\Preinst\postoobe.cmd" [2008-07-02 2476]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2008-01-21 217088]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-14 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-14 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-14 11:36]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-14 11:36]
.
2011-10-13 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-07 14:10]
.
2011-10-13 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-07 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-26 12:29
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#??
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-26 12:44:48
ComboFix-quarantined-files.txt 2011-10-26 11:44
.
Pre-Run: 82,074,271,744 bytes free
Post-Run: 82,023,510,016 bytes free
.
- - End Of File - - F40995FCA75051282D69F098E01B1941

#10
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Okay. I was hoping to see something different in that log.

Please try running this scan for me:


Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

#11
kdokeeffe

    Member

  • Topic Starter
  • Member
  • 41 posts
Hi - Windows Explorer no longer crashes on startup, so that's an improvement :)

Here is the log:

11:32:09.0643 2392 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
11:32:09.0689 2392 ============================================================
11:32:09.0689 2392 Current date / time: 2011/10/27 11:32:09.0689
11:32:09.0689 2392 SystemInfo:
11:32:09.0689 2392
11:32:09.0689 2392 OS Version: 6.0.6001 ServicePack: 1.0
11:32:09.0689 2392 Product type: Workstation
11:32:09.0689 2392 ComputerName: ESTEVE-PC
11:32:09.0689 2392 UserName: eSteve
11:32:09.0689 2392 Windows directory: C:\Windows
11:32:09.0689 2392 System windows directory: C:\Windows
11:32:09.0689 2392 Processor architecture: Intel x86
11:32:09.0689 2392 Number of processors: 2
11:32:09.0689 2392 Page size: 0x1000
11:32:09.0689 2392 Boot type: Normal boot
11:32:09.0689 2392 ============================================================
11:32:10.0173 2392 Initialize success
11:33:15.0599 3540 ============================================================
11:33:15.0599 3540 Scan started
11:33:15.0599 3540 Mode: Manual; SigCheck; TDLFS;
11:33:15.0599 3540 ============================================================
11:33:42.0431 3540 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
11:33:42.0431 3540 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
11:33:42.0431 3540 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
11:33:42.0509 3540 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:33:42.0509 3540 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:33:42.0509 3540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:33:43.0289 3540 \Device\Harddisk1\DR1 - ok
11:33:43.0336 3540 Boot (0x1200) (5f57bcb68c6c93cbf0461018a8f54177) \Device\Harddisk0\DR0\Partition0
11:33:43.0336 3540 \Device\Harddisk0\DR0\Partition0 - ok
11:33:43.0367 3540 Boot (0x1200) (f5687dbdd2f3e099572bd4a73bfbd151) \Device\Harddisk0\DR0\Partition1
11:33:43.0367 3540 \Device\Harddisk0\DR0\Partition1 - ok
11:33:43.0367 3540 Boot (0x1200) (328dcbc6d4dcfc2b55f197fda3d89b89) \Device\Harddisk1\DR1\Partition0
11:33:43.0367 3540 \Device\Harddisk1\DR1\Partition0 - ok
11:33:43.0367 3540 ============================================================
11:33:43.0367 3540 Scan finished
11:33:43.0367 3540 ============================================================
11:33:43.0383 3164 Detected object count: 2
11:33:43.0383 3164 Actual detected object count: 2
11:34:55.0049 3164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
11:34:55.0049 3164 \Device\Harddisk0\DR0 - ok
11:34:55.0049 3164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
11:34:55.0049 3164 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:34:55.0049 3164 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:35:01.0336 3884 Deinitialize success
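The TDSSKiller log above reports two detections on \Device\Harddisk0\DR0, but only one of them (Rootkit.Boot.SST.a) was cured; the "TDSS File System" warning was skipped by the user. The following Python script is an added example, not part of TDSSKiller or of this thread, that parses log lines in the layout shown above and lists detections that were reported but never given a resolving action, so that whoever reads a posted log does not miss a leftover item. The sample lines are copied from the log above; the line format (timestamp, thread id, object, detection in parentheses, verdict after a dash), the "suspicious" verdict and the set of resolving actions are inferences and assumptions, not a documented specification.

```python
"""Summarise detections in a TDSSKiller-style log and flag items left unresolved.

Added example; not part of TDSSKiller or of this thread. The line layout it
assumes is inferred from the log posted above, not from a specification:

    HH:MM:SS.mmmm <tid> MBR (0x1B8) (<md5>) <object>
    HH:MM:SS.mmmm <tid> <object> ( <detection> ) - <verdict>
    HH:MM:SS.mmmm <tid> <object> ( <detection> ) - User select action: <action>
"""
import re
from collections import defaultdict

LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
HASH = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) "
                  r"\((?P<md5>[0-9a-f]{32})\) (?P<obj>\S+)$")
ACTION = re.compile(r"^(?P<obj>\S+) \( (?P<name>.+?) \) - User select action: (?P<action>\w+)$")
DETECT = re.compile(r"^(?P<obj>\S+) \( (?P<name>.+?) \) - (?P<verdict>.+)$")
VERDICTS = {"infected", "warning", "suspicious"}      # "suspicious" is assumed; only the first two appear above
RESOLVING_ACTIONS = {"Cure", "Delete", "Quarantine"}  # assumed set; only "Cure" and "Skip" appear above

# Sample lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
11:33:42.0431 3540 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
11:33:42.0431 3540 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
11:33:42.0431 3540 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
11:33:42.0509 3540 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:33:42.0509 3540 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:33:42.0509 3540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:33:43.0289 3540 \Device\Harddisk1\DR1 - ok
11:33:43.0383 3164 Detected object count: 2
11:34:55.0049 3164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
11:34:55.0049 3164 \Device\Harddisk0\DR0 - ok
11:34:55.0049 3164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
11:34:55.0049 3164 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:34:55.0049 3164 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""


def parse_tdsskiller(text: str) -> dict:
    """Map each scanned object to its sector hash and its detections.

    Result shape: {object: {"hash": md5 or None,
                            "detections": {name: {"verdict": ..., "status": ..., "action": ...}}}}
    """
    objects = defaultdict(lambda: {"hash": None, "detections": {}})
    for raw in text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue                      # banners, blank lines, "Scan finished", etc.
        rest = line.group("rest")
        m = HASH.match(rest)
        if m:
            objects[m.group("obj")]["hash"] = m.group("md5")
            continue
        m = ACTION.match(rest)            # must be tested before the generic DETECT pattern
        if m:
            det = objects[m.group("obj")]["detections"].setdefault(m.group("name"), {})
            det["action"] = m.group("action")
            continue
        m = DETECT.match(rest)
        if m:
            det = objects[m.group("obj")]["detections"].setdefault(m.group("name"), {})
            verdict = m.group("verdict")
            if verdict in VERDICTS:
                det["verdict"] = verdict
            else:
                det["status"] = verdict   # e.g. "will be cured on reboot", "skipped by user"
    return dict(objects)


def unresolved(objects: dict) -> list:
    """Detections that were reported but not given a resolving action (e.g. skipped)."""
    left = []
    for obj, info in objects.items():
        for name, det in info["detections"].items():
            if det.get("verdict") and det.get("action") not in RESOLVING_ACTIONS:
                left.append((obj, name))
    return left


if __name__ == "__main__":
    result = parse_tdsskiller(SAMPLE_LOG)
    for obj, info in result.items():
        print(obj, "hash:", info["hash"])
        for name, det in info["detections"].items():
            print("   ", name, det)
    print("unresolved:", unresolved(result))
```

Run against the sample, the script reports that the TDSS File System warning on \Device\Harddisk0\DR0 is still unresolved, which is exactly the item a helper would want to follow up on before declaring the disk clean.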

#12
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hi!

That definitely is an improvement.

It looks like TDSSKiller found something.

Please run this utility now:

Running aswMBR.exe

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

#13
kdokeeffe (Member, Topic Starter, 41 posts)
here you go -

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-27 17:53:52
-----------------------------
17:53:52.407 OS Version: Windows 6.0.6001 Service Pack 1
17:53:52.407 Number of processors: 2 586 0xF0D
17:53:52.407 ComputerName: ESTEVE-PC UserName: eSteve
17:53:53.577 Initialize success
17:54:19.574 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:54:19.574 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
17:54:19.637 Disk 0 MBR read successfully
17:54:19.637 Disk 0 MBR scan
17:54:19.637 Disk 0 Windows VISTA default MBR code
17:54:19.637 Disk 0 scanning sectors +488395120
17:54:19.730 Disk 0 scanning C:\Windows\system32\drivers
17:54:36.438 Service scanning
17:54:37.592 Modules scanning
17:54:40.884 Disk 0 trace - called modules:
17:54:40.915 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:54:40.915 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85dae878]
17:54:40.915 3 CLASSPNP.SYS[89978745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84e44028]
17:54:40.915 Scan finished successfully
17:54:55.844 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
17:54:55.875 The log file has been saved successfully to "F:\aswMBR.txt"
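aswMBR saved the raw MBR to F:\MBR.dat, and the earlier TDSSKiller log printed an MD5 labelled "MBR (0x1B8)" for each disk. The following Python script is an added example, not code from aswMBR, TDSSKiller or this thread, that reads a 512-byte MBR image, hashes the bootstrap-code region, parses the partition table and flags the kind of anomalies a boot-sector rootkit leaves behind. Assumptions: that the 0x1B8 in the TDSSKiller log is the length of the hashed bootstrap region (440 bytes, ending at the disk signature); the classic MBR layout (disk signature at 0x1B8, partition table at 0x1BE, 0x55AA at 0x1FE); the sample image and the TOTAL_SECTORS value (derived from the 238475 MB size aswMBR printed) are constructed here, not captured from the laptop; the allowlist of known-good code hashes is supplied by the reader, since the page does not say which of the logged hashes is clean Vista code; and the unallocated-tail threshold is illustrative.

```python
"""Audit a raw 512-byte MBR image (for example the MBR.dat aswMBR saves).

Added example; not code from aswMBR, TDSSKiller or this thread.
Assumptions: classic MBR layout, "MBR (0x1B8)" in the TDSSKiller log meaning
"MD5 over the first 0x1B8 bytes of bootstrap code", a constructed sample
image, and an illustrative threshold for space after the last partition.
"""
import hashlib
import struct
import sys
from dataclasses import dataclass

SECTOR = 512
CODE_LEN = 0x1B8        # bootstrap code before the disk signature (assumed hash region)
SIG_OFF = 0x1B8         # 4-byte Windows disk signature
TABLE_OFF = 0x1BE       # four 16-byte partition entries
BOOTSIG_OFF = 0x1FE     # 0x55 0xAA
TOTAL_SECTORS = 238475 * 2048   # 238475 MB as printed by aswMBR, in sectors (constructed)
TAIL_THRESHOLD = 2048           # illustrative: flag more than 1 MiB after the last partition


@dataclass
class Partition:
    index: int
    status: int       # 0x80 = active, 0x00 = inactive; anything else is malformed
    ptype: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:   # exclusive
        return self.lba_start + self.sectors


def parse_mbr(mbr: bytes):
    """Return (md5 of bootstrap code, disk signature, list of used partition entries)."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[BOOTSIG_OFF:BOOTSIG_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    code_md5 = hashlib.md5(mbr[:CODE_LEN]).hexdigest()
    disk_sig = struct.unpack_from("<I", mbr, SIG_OFF)[0]
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, start, count = struct.unpack_from(
            "<B3sB3sII", mbr, TABLE_OFF + 16 * i)
        if ptype != 0:                       # type 0 = unused slot
            parts.append(Partition(i, status, ptype, start, count))
    return code_md5, disk_sig, parts


def audit(mbr: bytes, total_sectors: int, known_code_md5=()):
    """Return human-readable findings; an empty list means nothing looked odd."""
    code_md5, _sig, parts = parse_mbr(mbr)
    findings = []
    if known_code_md5 and code_md5 not in known_code_md5:
        findings.append(f"bootstrap code md5 {code_md5} not in allowlist")
    active = [p for p in parts if p.status == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte 0x{p.status:02x}")
        if p.lba_end > total_sectors:
            findings.append(f"partition {p.index}: extends past end of disk")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end > b.lba_start:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    tail = total_sectors - max((p.lba_end for p in parts), default=0)
    if tail > TAIL_THRESHOLD:
        findings.append(f"{tail} unallocated sectors after the last partition "
                        "(space a bootkit can use for hidden storage)")
    return findings


def build_sample_mbr(tamper: bool = False) -> bytes:
    """Constructed 512-byte image: filler code, two NTFS partitions, valid signature."""
    code = bytearray(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")     # filler, not real boot code
    code += b"\x00" * (CODE_LEN - len(code))
    if tamper:
        code[0x100:0x108] = b"BOOTKIT!"                  # simulate patched bootstrap code
    table = b""
    layout = ((0x80, 0x07, 2048, 204800),                            # 100 MiB active system partition
              (0x00, 0x07, 206848, TOTAL_SECTORS - 206848 - 1024))   # OS partition, 1024-sector tail
    for status, ptype, start, count in layout:
        table += struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    table += b"\x00" * 32                                            # two unused slots
    mbr = bytes(code) + struct.pack("<I", 0xDEADBEEF) + b"\x00\x00" + table + b"\x55\xaa"
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    # Usage: python mbr_audit.py [MBR.dat]; without a path the constructed sample is used.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    md5, sig, parts = parse_mbr(image)
    print(f"code md5 {md5}  disk signature {sig:08X}")
    for p in parts:
        print(f"  #{p.index} status=0x{p.status:02x} type=0x{p.ptype:02x} "
              f"start={p.lba_start} sectors={p.sectors}")
    for f in audit(image, TOTAL_SECTORS):
        print("  FINDING:", f)
```

The hash of the bootstrap region is only useful against a reference: take it from a known-clean machine running the same Windows version, or from the MBR aswMBR saves after TDSSKiller reports the cure, and treat any later change as a reason to rescan. The partition and tail checks are heuristics, not proof of infection, but a large unallocated region at the end of the disk is worth comparing with what the disk management tools show.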

#14
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hi!

Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#15
kdokeeffe (Member, Topic Starter, 41 posts)
ok here we go.

MalwareBytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8034

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

28/10/2011 12:55:12
mbam-log-2011-10-28 (12-55-12).txt

Scan type: Quick scan
Objects scanned: 164833
Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET:

D:\ESTEVE-PC\Backup Set 2011-09-01 230111\Backup Files 2011-09-01 230111\Backup files 20.zip multiple threats

SECURITY CHECK:

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 6
Out of date Java installed!
Adobe Reader X (KB403742..) Adobe Reader Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Spybot Teatimer.exe is disabled!
McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
Windows Defender MSASCui.exe
TOSHIBA Toshiba Online Product Information TOPI.exe
``````````End of Log````````````