Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Links Hijacked - Alureon/Blacole Detected [Solved]

Started by kitt0024 , Mar 19 2012 06:14 PM

  • This topic is locked This topic is locked

#1
kitt0024
Posted 19 March 2012 - 06:14 PM

kitt0024

    Member

  • Member
  • PipPip
  • 22 posts
You guys were instrumental in getting a virus removed from a different laptop a few years ago, and I seem to have picked up another nasty on a new laptop so am hoping you can help again. I first noticed the laptop wouldn't come out of hibernate this morning. Had problems getting it rebooted and noticed now that my google links are all hijacked. I have run a scan with MS Security Essentials and Malwarebytes and they seem to have turned up Alureon and Blacole. SE doesn't seem able to remove. I have no idea how I picked this up as I don't visit any unsavory sites or download torrents or anything. I could try some things based on what I learned here last time, but figured I'd ask for help and post logs before I mucked around too much and got in any deeper. Any help would be very greatly appreciated! You guys rock for what you do.

Here are the logs from OTL:
OTL logfile created on: 3/19/2012 6:55:06 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Janet\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 57.77% Memory free
10.96 Gb Paging File | 8.18 Gb Available in Paging File | 74.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.58 Gb Total Space | 265.73 Gb Free Space | 45.77% Space Free | Partition Type: NTFS
Drive D: | 46.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 976.13 Mb Total Space | 799.41 Mb Free Space | 81.90% Space Free | Partition Type: FAT

Computer Name: JANET-TOSHIBA | User Name: Janet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/19 18:53:48 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Janet\Downloads\OTL.exe
PRC - [2012/03/19 18:35:07 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/29 11:31:42 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/14 18:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/19 23:58:08 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
PRC - [2011/11/11 10:54:24 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2010/06/04 18:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
PRC - [2010/05/20 18:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2007/07/17 11:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2003/07/18 15:02:18 | 001,422,528 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\USBancorp\USBancorp VPN Client\cvpnd.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/19 18:35:06 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007/07/17 11:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
MOD - [2007/02/07 16:51:20 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncRs.crl


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/01 13:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/24 11:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 16:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/20 18:16:30 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 19:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2003/07/18 15:02:18 | 001,422,528 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\USBancorp\USBancorp VPN Client\cvpnd.exe -- (CVPND)
SRV - [2012/01/19 23:58:08 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/05/20 18:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/20 19:00:52 | 009,256,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 17:39:58 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 19:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 21:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/13 21:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 10:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/29 18:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2012/03/19 18:41:44 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DCB700AC-B6C5-4EAA-B16A-908439BF84D8}\MpKsl256f6e42.sys -- (MpKsl256f6e42)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {056D4033-EAFC-4E5A-A499-AD0E2974DFE9}
IE:64bit: - HKLM\..\SearchScopes\{056D4033-EAFC-4E5A-A499-AD0E2974DFE9}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {056D4033-EAFC-4E5A-A499-AD0E2974DFE9}
IE - HKLM\..\SearchScopes\{056D4033-EAFC-4E5A-A499-AD0E2974DFE9}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com
IE - HKCU\..\SearchScopes,DefaultScope = {BCA082B1-A84D-4145-8988-9EA780CB698A}
IE - HKCU\..\SearchScopes\{056D4033-EAFC-4E5A-A499-AD0E2974DFE9}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
IE - HKCU\..\SearchScopes\{BCA082B1-A84D-4145-8988-9EA780CB698A}: "URL" = http://www.google.co...1I7TSNP_enUS453
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Janet\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Janet\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Janet\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Janet\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/19 18:35:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/23 17:43:29 | 000,000,000 | ---D | M]

[2011/10/16 15:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janet\AppData\Roaming\Mozilla\Extensions
[2011/10/16 15:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/19 18:35:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/23 17:43:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2012/03/19 10:16:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/19 10:16:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Janet\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Janet\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Application Restart #4] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B917922F-3D1F-49A1-B54B-6727F94A2346}: DhcpNameServer = 8.8.8.8 8.8.4.4 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/28 17:59:17 | 000,000,163 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6fcb1637-e018-11e0-88e3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6fcb1637-e018-11e0-88e3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2010/01/28 17:56:57 | 005,007,488 | R--- | M] (Cisco Consumer Products LLC)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 14:47:46 | 000,000,000 | ---D | C] -- C:\Users\Janet\AppData\Local\Diagnostics
[2012/03/10 15:45:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/10 15:33:13 | 000,000,000 | ---D | C] -- C:\Users\Janet\Documents\Amazon MP3
[2012/03/10 15:33:13 | 000,000,000 | ---D | C] -- C:\Users\Janet\AppData\Roaming\Amazon
[2012/03/10 15:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/03/05 20:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interweave eMags
[2012/03/05 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Interweave eMags
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/19 18:50:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-720849286-3220693375-4192845142-1000UA.job
[2012/03/19 18:40:30 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2012/03/19 18:40:29 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 18:40:29 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 18:39:48 | 000,001,144 | ---- | M] () -- C:\Users\Janet\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2012/03/19 18:39:48 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/03/19 18:38:46 | 000,733,756 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/19 18:38:46 | 000,629,182 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/19 18:38:46 | 000,108,366 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/19 18:33:21 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/19 18:32:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/19 18:32:45 | 117,010,431 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 18:27:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/19 17:24:42 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-720849286-3220693375-4192845142-1000Core.job
[2012/03/19 11:57:58 | 000,746,970 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/19 11:50:16 | 000,418,232 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/19 10:32:06 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2012/03/10 19:01:51 | 000,857,813 | ---- | M] () -- C:\Users\Janet\Desktop\million-pound-pledge-rebate-form-sd.pdf
[2012/03/05 20:05:15 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\ColorKnits Fall 2011.lnk
[2012/03/05 19:09:58 | 004,519,131 | ---- | M] () -- C:\Users\Janet\Desktop\2012_chevrolet_equinox_owners.pdf
[2012/03/05 15:00:36 | 000,668,768 | ---- | M] () -- C:\Users\Janet\Desktop\fresh_flow_pump_instruction_sheet.pdf
[2012/02/28 19:28:43 | 000,001,034 | ---- | M] () -- C:\Users\Janet\Desktop\Dropbox.lnk
[2012/02/28 19:28:43 | 000,001,014 | ---- | M] () -- C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/19 18:39:48 | 000,001,144 | ---- | C] () -- C:\Users\Janet\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2012/03/19 10:32:06 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2012/03/10 19:01:49 | 000,857,813 | ---- | C] () -- C:\Users\Janet\Desktop\million-pound-pledge-rebate-form-sd.pdf
[2012/03/05 20:05:15 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\ColorKnits Fall 2011.lnk
[2012/03/05 19:09:54 | 004,519,131 | ---- | C] () -- C:\Users\Janet\Desktop\2012_chevrolet_equinox_owners.pdf
[2012/03/05 15:00:34 | 000,668,768 | ---- | C] () -- C:\Users\Janet\Desktop\fresh_flow_pump_instruction_sheet.pdf
[2011/10/16 22:24:29 | 000,746,970 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/09/15 23:18:15 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/09/15 23:14:03 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2011/09/15 23:13:18 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/09/15 23:11:07 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini
[2011/02/03 21:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/03/10 15:33:13 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Amazon
[2011/11/14 22:18:24 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Book Place
[2011/12/23 17:43:29 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Catalina Marketing Corp
[2012/03/19 18:33:57 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Dropbox
[2011/12/22 11:08:38 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\PrimoPDF
[2011/10/22 13:04:06 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\TeraCopy
[2011/10/16 16:19:47 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Tific
[2011/10/15 17:47:10 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Toshiba
[2011/10/15 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\WinBatch
[2009/07/14 00:08:49 | 000,010,906 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
maliprog
Posted 28 March 2012 - 12:11 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello kitt0024 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in separate post
  • 0

#3
kitt0024
Posted 28 March 2012 - 09:23 PM

kitt0024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thank you so much for the reply! What you guys do is amazing.

TDSSKiller log:

20:17:04.0528 6240 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
20:17:05.0278 6240 ============================================================
20:17:05.0278 6240 Current date / time: 2012/03/28 20:17:05.0278
20:17:05.0278 6240 SystemInfo:
20:17:05.0278 6240
20:17:05.0278 6240 OS Version: 6.1.7601 ServicePack: 1.0
20:17:05.0278 6240 Product type: Workstation
20:17:05.0279 6240 ComputerName: JANET-TOSHIBA
20:17:05.0279 6240 UserName: Janet
20:17:05.0279 6240 Windows directory: C:\windows
20:17:05.0279 6240 System windows directory: C:\windows
20:17:05.0279 6240 Running under WOW64
20:17:05.0279 6240 Processor architecture: Intel x64
20:17:05.0279 6240 Number of processors: 4
20:17:05.0279 6240 Page size: 0x1000
20:17:05.0279 6240 Boot type: Normal boot
20:17:05.0279 6240 ============================================================
20:17:07.0460 6240 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:17:07.0472 6240 Drive \Device\Harddisk1\DR1 - Size: 0x3D080000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:17:07.0475 6240 \Device\Harddisk0\DR0:
20:17:07.0475 6240 MBR used
20:17:07.0475 6240 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48928000
20:17:07.0475 6240 \Device\Harddisk1\DR1:
20:17:07.0477 6240 MBR used
20:17:07.0477 6240 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x1E830B
20:17:07.0522 6240 Initialize success
20:17:07.0523 6240 ============================================================
20:17:34.0105 4504 ============================================================
20:17:34.0105 4504 Scan started
20:17:34.0105 4504 Mode: Manual; SigCheck; TDLFS;
20:17:34.0105 4504 ============================================================
20:17:35.0269 4504 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
20:17:35.0383 4504 1394ohci - ok
20:17:35.0489 4504 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
20:17:35.0537 4504 ACPI - ok
20:17:35.0637 4504 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
20:17:35.0730 4504 AcpiPmi - ok
20:17:35.0850 4504 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
20:17:35.0888 4504 adp94xx - ok
20:17:36.0052 4504 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
20:17:36.0085 4504 adpahci - ok
20:17:36.0243 4504 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
20:17:36.0271 4504 adpu320 - ok
20:17:36.0360 4504 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
20:17:36.0522 4504 AeLookupSvc - ok
20:17:36.0662 4504 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
20:17:36.0756 4504 AFD - ok
20:17:36.0865 4504 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
20:17:36.0889 4504 agp440 - ok
20:17:36.0990 4504 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
20:17:37.0061 4504 ALG - ok
20:17:37.0303 4504 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
20:17:37.0324 4504 aliide - ok
20:17:37.0472 4504 AMD External Events Utility (e9f172f8067830ab6418fcf13b7c82f1) C:\windows\system32\atiesrxx.exe
20:17:37.0620 4504 AMD External Events Utility - ok
20:17:37.0703 4504 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
20:17:37.0725 4504 amdide - ok
20:17:37.0826 4504 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
20:17:37.0873 4504 AmdK8 - ok
20:17:38.0141 4504 amdkmdag (3ea481540bf571ce2ac422249c4e18a9) C:\windows\system32\DRIVERS\atikmdag.sys
20:17:38.0480 4504 amdkmdag - ok
20:17:38.0628 4504 amdkmdap (c5228c5fd5ca78002255089c4e74dc0e) C:\windows\system32\DRIVERS\atikmpag.sys
20:17:38.0710 4504 amdkmdap - ok
20:17:38.0812 4504 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
20:17:38.0868 4504 AmdPPM - ok
20:17:38.0958 4504 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
20:17:38.0982 4504 amdsata - ok
20:17:39.0083 4504 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
20:17:39.0110 4504 amdsbs - ok
20:17:39.0216 4504 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
20:17:39.0238 4504 amdxata - ok
20:17:39.0341 4504 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
20:17:39.0693 4504 AppID - ok
20:17:39.0819 4504 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
20:17:39.0935 4504 AppIDSvc - ok
20:17:40.0031 4504 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
20:17:40.0126 4504 Appinfo - ok
20:17:40.0270 4504 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:17:40.0363 4504 Apple Mobile Device - ok
20:17:40.0478 4504 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
20:17:40.0502 4504 arc - ok
20:17:40.0608 4504 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
20:17:40.0635 4504 arcsas - ok
20:17:40.0831 4504 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:17:40.0914 4504 AsyncMac - ok
20:17:41.0002 4504 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
20:17:41.0025 4504 atapi - ok
20:17:41.0201 4504 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\windows\system32\drivers\AtihdW76.sys
20:17:41.0247 4504 AtiHDAudioService - ok
20:17:41.0372 4504 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:17:41.0473 4504 AudioEndpointBuilder - ok
20:17:41.0516 4504 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:17:41.0601 4504 AudioSrv - ok
20:17:41.0745 4504 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
20:17:41.0890 4504 AxInstSV - ok
20:17:42.0002 4504 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
20:17:42.0063 4504 b06bdrv - ok
20:17:42.0172 4504 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:17:42.0228 4504 b57nd60a - ok
20:17:42.0317 4504 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
20:17:42.0381 4504 BDESVC - ok
20:17:42.0498 4504 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:17:42.0569 4504 Beep - ok
20:17:42.0715 4504 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
20:17:42.0821 4504 BFE - ok
20:17:42.0975 4504 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
20:17:43.0081 4504 BITS - ok
20:17:43.0182 4504 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:17:43.0228 4504 blbdrive - ok
20:17:43.0310 4504 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:17:43.0402 4504 Bonjour Service - ok
20:17:43.0520 4504 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
20:17:43.0594 4504 bowser - ok
20:17:43.0699 4504 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
20:17:43.0743 4504 BrFiltLo - ok
20:17:43.0824 4504 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
20:17:43.0854 4504 BrFiltUp - ok
20:17:44.0055 4504 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
20:17:44.0151 4504 Browser - ok
20:17:44.0276 4504 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:17:44.0333 4504 Brserid - ok
20:17:44.0428 4504 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:17:44.0458 4504 BrSerWdm - ok
20:17:44.0621 4504 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:17:44.0683 4504 BrUsbMdm - ok
20:17:44.0787 4504 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:17:44.0833 4504 BrUsbSer - ok
20:17:44.0914 4504 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
20:17:44.0970 4504 BTHMODEM - ok
20:17:45.0091 4504 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
20:17:45.0187 4504 bthserv - ok
20:17:45.0294 4504 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:17:45.0371 4504 cdfs - ok
20:17:45.0487 4504 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
20:17:45.0538 4504 cdrom - ok
20:17:45.0671 4504 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:17:45.0781 4504 CertPropSvc - ok
20:17:45.0872 4504 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
20:17:45.0918 4504 circlass - ok
20:17:46.0004 4504 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:17:46.0042 4504 CLFS - ok
20:17:46.0136 4504 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:17:46.0184 4504 clr_optimization_v2.0.50727_32 - ok
20:17:46.0266 4504 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:17:46.0300 4504 clr_optimization_v2.0.50727_64 - ok
20:17:46.0432 4504 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:17:46.0464 4504 clr_optimization_v4.0.30319_32 - ok
20:17:46.0553 4504 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:17:46.0589 4504 clr_optimization_v4.0.30319_64 - ok
20:17:46.0693 4504 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:17:46.0739 4504 CmBatt - ok
20:17:46.0831 4504 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
20:17:46.0853 4504 cmdide - ok
20:17:46.0958 4504 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
20:17:47.0011 4504 CNG - ok
20:17:47.0093 4504 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
20:17:47.0117 4504 Compbatt - ok
20:17:47.0293 4504 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
20:17:47.0351 4504 CompositeBus - ok
20:17:47.0448 4504 COMSysApp - ok
20:17:47.0498 4504 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
20:17:47.0522 4504 crcdisk - ok
20:17:47.0641 4504 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
20:17:47.0737 4504 CryptSvc - ok
20:17:47.0845 4504 CVPND (df37b0b9409c81b308cea2e8f39e2296) C:\Program Files\USBancorp\USBancorp VPN Client\cvpnd.exe
20:17:48.0020 4504 CVPND - ok
20:17:48.0135 4504 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:17:48.0235 4504 DcomLaunch - ok
20:17:48.0348 4504 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
20:17:48.0453 4504 defragsvc - ok
20:17:48.0564 4504 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
20:17:48.0660 4504 DfsC - ok
20:17:48.0769 4504 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
20:17:48.0883 4504 Dhcp - ok
20:17:48.0986 4504 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:17:49.0071 4504 discache - ok
20:17:49.0185 4504 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
20:17:49.0212 4504 Disk - ok
20:17:49.0377 4504 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
20:17:49.0443 4504 Dnscache - ok
20:17:49.0558 4504 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
20:17:49.0654 4504 dot3svc - ok
20:17:49.0735 4504 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
20:17:49.0839 4504 DPS - ok
20:17:49.0936 4504 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:17:49.0985 4504 drmkaud - ok
20:17:50.0098 4504 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
20:17:50.0154 4504 DXGKrnl - ok
20:17:50.0225 4504 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
20:17:50.0332 4504 EapHost - ok
20:17:50.0717 4504 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
20:17:50.0858 4504 ebdrv - ok
20:17:50.0961 4504 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
20:17:51.0020 4504 EFS - ok
20:17:51.0098 4504 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
20:17:51.0192 4504 ehRecvr - ok
20:17:51.0278 4504 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
20:17:51.0338 4504 ehSched - ok
20:17:51.0478 4504 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
20:17:51.0519 4504 elxstor - ok
20:17:51.0669 4504 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
20:17:51.0724 4504 ErrDev - ok
20:17:51.0829 4504 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
20:17:51.0938 4504 EventSystem - ok
20:17:52.0029 4504 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:17:52.0095 4504 exfat - ok
20:17:52.0170 4504 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:17:52.0261 4504 fastfat - ok
20:17:52.0367 4504 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
20:17:52.0478 4504 Fax - ok
20:17:52.0571 4504 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
20:17:52.0633 4504 fdc - ok
20:17:52.0748 4504 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
20:17:52.0843 4504 fdPHost - ok
20:17:52.0914 4504 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
20:17:53.0009 4504 FDResPub - ok
20:17:53.0090 4504 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:17:53.0119 4504 FileInfo - ok
20:17:53.0199 4504 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:17:53.0287 4504 Filetrace - ok
20:17:53.0375 4504 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
20:17:53.0401 4504 flpydisk - ok
20:17:53.0526 4504 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
20:17:53.0567 4504 FltMgr - ok
20:17:53.0709 4504 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
20:17:53.0796 4504 FontCache - ok
20:17:53.0917 4504 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:17:53.0941 4504 FontCache3.0.0.0 - ok
20:17:54.0018 4504 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:17:54.0042 4504 FsDepends - ok
20:17:54.0120 4504 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
20:17:54.0142 4504 Fs_Rec - ok
20:17:54.0254 4504 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
20:17:54.0290 4504 fvevol - ok
20:17:54.0372 4504 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
20:17:54.0396 4504 gagp30kx - ok
20:17:54.0486 4504 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
20:17:54.0564 4504 GamesAppService - ok
20:17:54.0741 4504 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:17:54.0761 4504 GEARAspiWDM - ok
20:17:54.0921 4504 GFNEXSrv (fa07ec01952729ddddc5bf4bae06b09e) C:\Windows\System32\GFNEXSrv.exe
20:17:55.0054 4504 GFNEXSrv - ok
20:17:55.0149 4504 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
20:17:55.0243 4504 gpsvc - ok
20:17:55.0329 4504 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:17:55.0392 4504 gupdate - ok
20:17:55.0413 4504 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:17:55.0475 4504 gupdatem - ok
20:17:55.0538 4504 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:17:55.0617 4504 gusvc - ok
20:17:55.0824 4504 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:17:55.0864 4504 hcw85cir - ok
20:17:56.0028 4504 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
20:17:56.0094 4504 HdAudAddService - ok
20:17:56.0195 4504 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
20:17:56.0250 4504 HDAudBus - ok
20:17:56.0340 4504 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
20:17:56.0381 4504 HidBatt - ok
20:17:56.0480 4504 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
20:17:56.0533 4504 HidBth - ok
20:17:56.0712 4504 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
20:17:56.0741 4504 HidIr - ok
20:17:56.0888 4504 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
20:17:56.0978 4504 hidserv - ok
20:17:57.0142 4504 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
20:17:57.0170 4504 HidUsb - ok
20:17:57.0247 4504 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
20:17:57.0366 4504 hkmsvc - ok
20:17:57.0453 4504 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
20:17:57.0528 4504 HomeGroupListener - ok
20:17:57.0607 4504 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
20:17:57.0679 4504 HomeGroupProvider - ok
20:17:57.0765 4504 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
20:17:57.0789 4504 HpSAMD - ok
20:17:57.0910 4504 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
20:17:58.0019 4504 HTTP - ok
20:17:58.0123 4504 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
20:17:58.0143 4504 hwpolicy - ok
20:17:58.0292 4504 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
20:17:58.0323 4504 i8042prt - ok
20:17:58.0442 4504 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
20:17:58.0480 4504 iaStorV - ok
20:17:58.0581 4504 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:17:58.0640 4504 idsvc - ok
20:17:58.0719 4504 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
20:17:58.0741 4504 iirsp - ok
20:17:58.0843 4504 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
20:17:58.0945 4504 IKEEXT - ok
20:17:59.0308 4504 IntcAzAudAddService (028e40182a6f0374978c755f85b9f07c) C:\windows\system32\drivers\RTKVHD64.sys
20:17:59.0397 4504 IntcAzAudAddService - ok
20:17:59.0484 4504 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
20:17:59.0505 4504 intelide - ok
20:17:59.0618 4504 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
20:17:59.0664 4504 intelppm - ok
20:17:59.0751 4504 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
20:17:59.0852 4504 IPBusEnum - ok
20:17:59.0927 4504 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:18:00.0004 4504 IpFilterDriver - ok
20:18:00.0106 4504 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
20:18:00.0211 4504 iphlpsvc - ok
20:18:00.0358 4504 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
20:18:00.0417 4504 IPMIDRV - ok
20:18:00.0513 4504 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:18:00.0593 4504 IPNAT - ok
20:18:00.0687 4504 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
20:18:00.0820 4504 iPod Service - ok
20:18:00.0937 4504 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:18:00.0969 4504 IRENUM - ok
20:18:01.0050 4504 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
20:18:01.0073 4504 isapnp - ok
20:18:01.0157 4504 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
20:18:01.0190 4504 iScsiPrt - ok
20:18:01.0267 4504 IviRegMgr (f415a88162d23977b5edae4f0410e903) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
20:18:01.0332 4504 IviRegMgr - ok
20:18:01.0444 4504 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
20:18:01.0468 4504 kbdclass - ok
20:18:01.0573 4504 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
20:18:01.0619 4504 kbdhid - ok
20:18:01.0727 4504 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:18:01.0777 4504 KeyIso - ok
20:18:01.0963 4504 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
20:18:01.0992 4504 KSecDD - ok
20:18:02.0117 4504 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
20:18:02.0150 4504 KSecPkg - ok
20:18:02.0247 4504 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:18:02.0331 4504 ksthunk - ok
20:18:02.0419 4504 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
20:18:02.0518 4504 KtmRm - ok
20:18:02.0630 4504 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
20:18:02.0728 4504 LanmanServer - ok
20:18:02.0908 4504 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
20:18:02.0990 4504 LanmanWorkstation - ok
20:18:03.0136 4504 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:18:03.0228 4504 lltdio - ok
20:18:03.0318 4504 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
20:18:03.0420 4504 lltdsvc - ok
20:18:03.0501 4504 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
20:18:03.0575 4504 lmhosts - ok
20:18:03.0686 4504 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
20:18:03.0711 4504 LSI_FC - ok
20:18:03.0818 4504 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
20:18:03.0852 4504 LSI_SAS - ok
20:18:03.0991 4504 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
20:18:04.0015 4504 LSI_SAS2 - ok
20:18:04.0145 4504 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
20:18:04.0170 4504 LSI_SCSI - ok
20:18:04.0281 4504 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:18:04.0379 4504 luafv - ok
20:18:04.0459 4504 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
20:18:04.0506 4504 Mcx2Svc - ok
20:18:04.0673 4504 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
20:18:04.0696 4504 megasas - ok
20:18:04.0779 4504 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
20:18:04.0819 4504 MegaSR - ok
20:18:04.0959 4504 Microsoft SharePoint Workspace Audit Service - ok
20:18:05.0082 4504 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:18:05.0181 4504 MMCSS - ok
20:18:05.0273 4504 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:18:05.0361 4504 Modem - ok
20:18:05.0519 4504 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:18:05.0570 4504 monitor - ok
20:18:05.0668 4504 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:18:05.0692 4504 mouclass - ok
20:18:05.0804 4504 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
20:18:05.0852 4504 mouhid - ok
20:18:05.0952 4504 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
20:18:05.0978 4504 mountmgr - ok
20:18:06.0204 4504 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
20:18:06.0238 4504 MpFilter - ok
20:18:06.0316 4504 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
20:18:06.0346 4504 mpio - ok
20:18:06.0526 4504 MpKsl97ef8a66 - ok
20:18:06.0673 4504 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
20:18:06.0698 4504 MpNWMon - ok
20:18:06.0747 4504 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:18:06.0812 4504 mpsdrv - ok
20:18:06.0906 4504 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
20:18:07.0018 4504 MpsSvc - ok
20:18:07.0203 4504 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
20:18:07.0257 4504 MRxDAV - ok
20:18:07.0380 4504 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
20:18:07.0431 4504 mrxsmb - ok
20:18:07.0514 4504 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:18:07.0551 4504 mrxsmb10 - ok
20:18:07.0626 4504 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:18:07.0658 4504 mrxsmb20 - ok
20:18:07.0739 4504 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
20:18:07.0761 4504 msahci - ok
20:18:07.0842 4504 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
20:18:07.0870 4504 msdsm - ok
20:18:07.0951 4504 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
20:18:08.0036 4504 MSDTC - ok
20:18:08.0125 4504 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:18:08.0183 4504 Msfs - ok
20:18:08.0262 4504 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:18:08.0341 4504 mshidkmdf - ok
20:18:08.0428 4504 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
20:18:08.0449 4504 msisadrv - ok
20:18:08.0561 4504 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
20:18:08.0658 4504 MSiSCSI - ok
20:18:08.0725 4504 msiserver - ok
20:18:08.0957 4504 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:18:09.0050 4504 MSKSSRV - ok
20:18:09.0158 4504 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
20:18:09.0186 4504 MsMpSvc - ok
20:18:09.0304 4504 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:18:09.0376 4504 MSPCLOCK - ok
20:18:09.0501 4504 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:18:09.0578 4504 MSPQM - ok
20:18:09.0666 4504 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
20:18:09.0707 4504 MsRPC - ok
20:18:09.0783 4504 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
20:18:09.0806 4504 mssmbios - ok
20:18:10.0046 4504 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:18:10.0136 4504 MSTEE - ok
20:18:10.0260 4504 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
20:18:10.0285 4504 MTConfig - ok
20:18:10.0658 4504 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:18:10.0684 4504 Mup - ok
20:18:10.0773 4504 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
20:18:10.0874 4504 napagent - ok
20:18:11.0001 4504 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:18:11.0075 4504 NativeWifiP - ok
20:18:11.0212 4504 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
20:18:11.0276 4504 NDIS - ok
20:18:11.0391 4504 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:18:11.0465 4504 NdisCap - ok
20:18:11.0571 4504 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:18:11.0630 4504 NdisTapi - ok
20:18:11.0756 4504 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
20:18:11.0831 4504 Ndisuio - ok
20:18:11.0921 4504 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
20:18:12.0000 4504 NdisWan - ok
20:18:12.0122 4504 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
20:18:12.0183 4504 NDProxy - ok
20:18:12.0332 4504 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:18:12.0414 4504 NetBIOS - ok
20:18:12.0505 4504 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
20:18:12.0575 4504 NetBT - ok
20:18:12.0661 4504 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:18:12.0698 4504 Netlogon - ok
20:18:12.0817 4504 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
20:18:12.0899 4504 Netman - ok
20:18:12.0980 4504 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
20:18:13.0079 4504 netprofm - ok
20:18:13.0176 4504 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:18:13.0211 4504 NetTcpPortSharing - ok
20:18:13.0345 4504 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
20:18:13.0368 4504 nfrd960 - ok
20:18:13.0509 4504 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
20:18:13.0535 4504 NisDrv - ok
20:18:13.0614 4504 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
20:18:13.0670 4504 NisSrv - ok
20:18:13.0791 4504 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
20:18:13.0900 4504 NlaSvc - ok
20:18:13.0959 4504 Norton PC Checkup Application Launcher - ok
20:18:14.0055 4504 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:18:14.0115 4504 Npfs - ok
20:18:14.0211 4504 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
20:18:14.0317 4504 nsi - ok
20:18:14.0495 4504 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:18:14.0581 4504 nsiproxy - ok
20:18:14.0696 4504 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
20:18:14.0773 4504 Ntfs - ok
20:18:14.0846 4504 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:18:14.0904 4504 Null - ok
20:18:15.0059 4504 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
20:18:15.0089 4504 nvraid - ok
20:18:15.0189 4504 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
20:18:15.0219 4504 nvstor - ok
20:18:15.0351 4504 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
20:18:15.0384 4504 nv_agp - ok
20:18:15.0504 4504 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
20:18:15.0549 4504 ohci1394 - ok
20:18:15.0672 4504 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:18:15.0734 4504 ose - ok
20:18:15.0986 4504 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:18:16.0427 4504 osppsvc - ok
20:18:16.0577 4504 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:18:16.0649 4504 p2pimsvc - ok
20:18:16.0739 4504 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
20:18:16.0792 4504 p2psvc - ok
20:18:16.0879 4504 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
20:18:16.0909 4504 Parport - ok
20:18:16.0996 4504 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
20:18:17.0022 4504 partmgr - ok
20:18:17.0102 4504 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
20:18:17.0171 4504 PcaSvc - ok
20:18:17.0262 4504 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
20:18:17.0372 4504 PCCUJobMgr - ok
20:18:17.0454 4504 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
20:18:17.0487 4504 pci - ok
20:18:17.0636 4504 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
20:18:17.0657 4504 pciide - ok
20:18:17.0747 4504 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
20:18:17.0779 4504 pcmcia - ok
20:18:17.0863 4504 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:18:17.0888 4504 pcw - ok
20:18:18.0184 4504 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:18:18.0362 4504 PEAUTH - ok
20:18:18.0453 4504 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
20:18:18.0518 4504 PerfHost - ok
20:18:18.0702 4504 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
20:18:18.0727 4504 PGEffect - ok
20:18:18.0931 4504 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
20:18:19.0036 4504 pla - ok
20:18:19.0155 4504 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
20:18:19.0234 4504 PlugPlay - ok
20:18:19.0350 4504 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
20:18:19.0413 4504 PNRPAutoReg - ok
20:18:19.0499 4504 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:18:19.0550 4504 PNRPsvc - ok
20:18:19.0643 4504 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
20:18:19.0749 4504 PolicyAgent - ok
20:18:19.0837 4504 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
20:18:19.0935 4504 Power - ok
20:18:20.0043 4504 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
20:18:20.0120 4504 PptpMiniport - ok
20:18:20.0207 4504 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
20:18:20.0256 4504 Processor - ok
20:18:20.0348 4504 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
20:18:20.0451 4504 ProfSvc - ok
20:18:20.0538 4504 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:18:20.0576 4504 ProtectedStorage - ok
20:18:20.0692 4504 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
20:18:20.0772 4504 Psched - ok
20:18:20.0850 4504 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
20:18:20.0998 4504 PSI_SVC_2 - ok
20:18:21.0200 4504 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
20:18:21.0263 4504 ql2300 - ok
20:18:21.0357 4504 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
20:18:21.0381 4504 ql40xx - ok
20:18:21.0457 4504 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
20:18:21.0526 4504 QWAVE - ok
20:18:21.0607 4504 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:18:21.0666 4504 QWAVEdrv - ok
20:18:21.0747 4504 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:18:21.0826 4504 RasAcd - ok
20:18:22.0010 4504 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:18:22.0072 4504 RasAgileVpn - ok
20:18:22.0212 4504 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
20:18:22.0318 4504 RasAuto - ok
20:18:22.0445 4504 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
20:18:22.0523 4504 Rasl2tp - ok
20:18:22.0615 4504 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
20:18:22.0701 4504 RasMan - ok
20:18:22.0821 4504 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:18:22.0905 4504 RasPppoe - ok
20:18:23.0015 4504 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:18:23.0132 4504 RasSstp - ok
20:18:23.0282 4504 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
20:18:23.0370 4504 rdbss - ok
20:18:23.0470 4504 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
20:18:23.0517 4504 rdpbus - ok
20:18:23.0608 4504 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:18:23.0681 4504 RDPCDD - ok
20:18:23.0786 4504 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:18:23.0866 4504 RDPENCDD - ok
20:18:23.0959 4504 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:18:24.0014 4504 RDPREFMP - ok
20:18:24.0112 4504 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
20:18:24.0166 4504 RDPWD - ok
20:18:24.0314 4504 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
20:18:24.0346 4504 rdyboost - ok
20:18:24.0423 4504 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\windows\system32\drivers\regi.sys
20:18:24.0444 4504 regi - ok
20:18:24.0530 4504 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
20:18:24.0625 4504 RemoteAccess - ok
20:18:24.0704 4504 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
20:18:24.0815 4504 RemoteRegistry - ok
20:18:24.0901 4504 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
20:18:24.0999 4504 RpcEptMapper - ok
20:18:25.0080 4504 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
20:18:25.0120 4504 RpcLocator - ok
20:18:25.0246 4504 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:18:25.0333 4504 RpcSs - ok
20:18:25.0484 4504 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:18:25.0570 4504 rspndr - ok
20:18:25.0677 4504 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
20:18:25.0705 4504 RSUSBSTOR - ok
20:18:25.0810 4504 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\windows\system32\DRIVERS\Rt64win7.sys
20:18:25.0841 4504 RTL8167 - ok
20:18:25.0974 4504 RTL8192Ce (fa088015155c4c6dab5d1d9e68eb9d6b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
20:18:26.0032 4504 RTL8192Ce - ok
20:18:26.0117 4504 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:18:26.0153 4504 SamSs - ok
20:18:26.0230 4504 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
20:18:26.0256 4504 sbp2port - ok
20:18:26.0342 4504 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
20:18:26.0426 4504 SCardSvr - ok
20:18:26.0522 4504 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
20:18:26.0600 4504 scfilter - ok
20:18:26.0691 4504 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
20:18:26.0823 4504 Schedule - ok
20:18:26.0905 4504 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:18:26.0986 4504 SCPolicySvc - ok
20:18:27.0302 4504 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
20:18:27.0366 4504 SDRSVC - ok
20:18:27.0496 4504 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:18:27.0570 4504 secdrv - ok
20:18:27.0654 4504 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
20:18:27.0725 4504 seclogon - ok
20:18:27.0752 4504 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
20:18:27.0849 4504 SENS - ok
20:18:27.0951 4504 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
20:18:28.0015 4504 SensrSvc - ok
20:18:28.0125 4504 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
20:18:28.0173 4504 Serenum - ok
20:18:28.0294 4504 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
20:18:28.0359 4504 Serial - ok
20:18:28.0502 4504 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
20:18:28.0564 4504 sermouse - ok
20:18:28.0654 4504 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
20:18:28.0756 4504 SessionEnv - ok
20:18:28.0846 4504 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
20:18:28.0874 4504 sffdisk - ok
20:18:28.0956 4504 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
20:18:29.0000 4504 sffp_mmc - ok
20:18:29.0090 4504 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
20:18:29.0144 4504 sffp_sd - ok
20:18:29.0278 4504 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
20:18:29.0335 4504 sfloppy - ok
20:18:29.0445 4504 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
20:18:29.0529 4504 SharedAccess - ok
20:18:29.0604 4504 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
20:18:29.0703 4504 ShellHWDetection - ok
20:18:29.0794 4504 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
20:18:29.0824 4504 SiSRaid2 - ok
20:18:29.0914 4504 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
20:18:29.0938 4504 SiSRaid4 - ok
20:18:30.0045 4504 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:18:30.0150 4504 Smb - ok
20:18:30.0294 4504 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
20:18:30.0394 4504 SNMPTRAP - ok
20:18:30.0470 4504 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:18:30.0492 4504 spldr - ok
20:18:30.0617 4504 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
20:18:30.0782 4504 Spooler - ok
20:18:30.0935 4504 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
20:18:31.0117 4504 sppsvc - ok
20:18:31.0239 4504 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
20:18:31.0324 4504 sppuinotify - ok
20:18:31.0476 4504 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
20:18:31.0543 4504 srv - ok
20:18:31.0655 4504 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
20:18:31.0711 4504 srv2 - ok
20:18:31.0794 4504 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
20:18:31.0841 4504 srvnet - ok
20:18:31.0951 4504 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
20:18:32.0081 4504 SSDPSRV - ok
20:18:32.0154 4504 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
20:18:32.0242 4504 SstpSvc - ok
20:18:32.0331 4504 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
20:18:32.0362 4504 stexstor - ok
20:18:32.0487 4504 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
20:18:32.0573 4504 stisvc - ok
20:18:32.0647 4504 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
20:18:32.0671 4504 swenum - ok
20:18:32.0763 4504 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
20:18:32.0885 4504 swprv - ok
20:18:33.0074 4504 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
20:18:33.0143 4504 SynTP - ok
20:18:33.0469 4504 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
20:18:33.0683 4504 SysMain - ok
20:18:33.0781 4504 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
20:18:33.0885 4504 TabletInputService - ok
20:18:34.0017 4504 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
20:18:34.0521 4504 TapiSrv - ok
20:18:34.0677 4504 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
20:18:34.0765 4504 TBS - ok
20:18:35.0034 4504 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
20:18:35.0127 4504 Tcpip - ok
20:18:35.0541 4504 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
20:18:35.0626 4504 TCPIP6 - ok
20:18:35.0985 4504 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
20:18:36.0060 4504 tcpipreg - ok
20:18:36.0157 4504 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
20:18:36.0192 4504 tdcmdpst - ok
20:18:36.0430 4504 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:18:36.0469 4504 TDPIPE - ok
20:18:36.0629 4504 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
20:18:36.0694 4504 TDTCP - ok
20:18:36.0857 4504 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
20:18:36.0935 4504 tdx - ok
20:18:37.0026 4504 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
20:18:37.0052 4504 TermDD - ok
20:18:37.0137 4504 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
20:18:37.0246 4504 TermService - ok
20:18:37.0333 4504 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
20:18:37.0382 4504 Themes - ok
20:18:37.0470 4504 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:18:37.0540 4504 THREADORDER - ok
20:18:37.0662 4504 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
20:18:37.0698 4504 TMachInfo - ok
20:18:37.0850 4504 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
20:18:38.0431 4504 TODDSrv - ok
20:18:38.0847 4504 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
20:18:38.0950 4504 TosCoSrv - ok
20:18:39.0048 4504 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe
20:18:39.0160 4504 TOSHIBA eco Utility Service - ok
20:18:39.0247 4504 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
20:18:39.0319 4504 TOSHIBA HDD SSD Alert Service - ok
20:18:39.0403 4504 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
20:18:39.0517 4504 TPCHSrv - ok
20:18:39.0741 4504 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
20:18:39.0851 4504 TrkWks - ok
20:18:39.0917 4504 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
20:18:40.0030 4504 TrustedInstaller - ok
20:18:40.0123 4504 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
20:18:40.0200 4504 tssecsrv - ok
20:18:40.0348 4504 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
20:18:40.0377 4504 TsUsbFlt - ok
20:18:40.0803 4504 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
20:18:40.0865 4504 TsUsbGD - ok
20:18:40.0976 4504 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
20:18:41.0072 4504 tunnel - ok
20:18:41.0182 4504 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
20:18:41.0210 4504 TVALZ - ok
20:18:41.0450 4504 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
20:18:41.0471 4504 TVALZFL - ok
20:18:41.0605 4504 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
20:18:41.0635 4504 uagp35 - ok
20:18:41.0910 4504 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
20:18:42.0009 4504 udfs - ok
20:18:42.0105 4504 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
20:18:42.0167 4504 UI0Detect - ok
20:18:42.0582 4504 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
20:18:42.0609 4504 uliagpkx - ok
20:18:42.0729 4504 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
20:18:42.0785 4504 umbus - ok
20:18:43.0412 4504 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
20:18:43.0467 4504 UmPass - ok
20:18:43.0554 4504 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
20:18:43.0656 4504 upnphost - ok
20:18:43.0967 4504 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
20:18:44.0040 4504 USBAAPL64 - ok
20:18:44.0149 4504 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
20:18:44.0176 4504 usbccgp - ok
20:18:44.0601 4504 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
20:18:44.0635 4504 usbcir - ok
20:18:44.0719 4504 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
20:18:44.0767 4504 usbehci - ok
20:18:45.0055 4504 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
20:18:45.0145 4504 usbhub - ok
20:18:45.0245 4504 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
20:18:45.0288 4504 usbohci - ok
20:18:45.0421 4504 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:18:45.0481 4504 usbprint - ok
20:18:45.0754 4504 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
20:18:45.0784 4504 usbscan - ok
20:18:46.0767 4504 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:18:46.0828 4504 USBSTOR - ok
20:18:46.0922 4504 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
20:18:46.0946 4504 usbuhci - ok
20:18:47.0076 4504 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
20:18:47.0112 4504 usbvideo - ok
20:18:47.0188 4504 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
20:18:47.0288 4504 UxSms - ok
20:18:47.0383 4504 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:18:47.0420 4504 VaultSvc - ok
20:18:48.0170 4504 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
20:18:48.0194 4504 vdrvroot - ok
20:18:48.0362 4504 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
20:18:48.0697 4504 vds - ok
20:18:48.0821 4504 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:18:48.0850 4504 vga - ok
20:18:49.0064 4504 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:18:49.0166 4504 VgaSave - ok
20:18:49.0818 4504 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
20:18:49.0853 4504 vhdmp - ok
20:18:50.0162 4504 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
20:18:50.0183 4504 viaide - ok
20:18:50.0302 4504 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
20:18:50.0330 4504 volmgr - ok
20:18:50.0429 4504 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
20:18:50.0465 4504 volmgrx - ok
20:18:50.0607 4504 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
20:18:50.0642 4504 volsnap - ok
20:18:50.0801 4504 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
20:18:50.0828 4504 vsmraid - ok
20:18:51.0185 4504 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
20:18:51.0323 4504 VSS - ok
20:18:51.0415 4504 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:18:51.0515 4504 vwifibus - ok
20:18:51.0624 4504 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:18:51.0684 4504 vwififlt - ok
20:18:51.0876 4504 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
20:18:51.0971 4504 W32Time - ok
20:18:53.0439 4504 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
20:18:53.0774 4504 WacomPen - ok
20:18:54.0142 4504 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:18:54.0258 4504 WANARP - ok
20:18:54.0285 4504 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:18:54.0352 4504 Wanarpv6 - ok
20:18:54.0736 4504 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
20:18:55.0203 4504 WatAdminSvc - ok
20:18:55.0463 4504 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
20:18:55.0663 4504 wbengine - ok
20:18:55.0876 4504 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
20:18:55.0948 4504 WbioSrvc - ok
20:18:56.0202 4504 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
20:18:56.0291 4504 wcncsvc - ok
20:18:56.0424 4504 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
20:18:56.0482 4504 WcsPlugInService - ok
20:18:56.0616 4504 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
20:18:56.0639 4504 Wd - ok
20:18:56.0856 4504 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:18:56.0919 4504 Wdf01000 - ok
20:18:57.0020 4504 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:18:57.0109 4504 WdiServiceHost - ok
20:18:57.0114 4504 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:18:57.0195 4504 WdiSystemHost - ok
20:18:57.0285 4504 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
20:18:57.0621 4504 WebClient - ok
20:18:57.0797 4504 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
20:18:57.0940 4504 Wecsvc - ok
20:18:58.0146 4504 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
20:18:58.0242 4504 wercplsupport - ok
20:18:58.0406 4504 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
20:18:58.0525 4504 WerSvc - ok
20:18:59.0692 4504 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:18:59.0825 4504 WfpLwf - ok
20:19:00.0027 4504 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:19:00.0055 4504 WIMMount - ok
20:19:00.0089 4504 WinDefend - ok
20:19:00.0099 4504 WinHttpAutoProxySvc - ok
20:19:00.0468 4504 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
20:19:00.0570 4504 Winmgmt - ok
20:19:00.0791 4504 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
20:19:00.0932 4504 WinRM - ok
20:19:01.0173 4504 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
20:19:01.0215 4504 WinUsb - ok
20:19:01.0360 4504 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
20:19:01.0478 4504 Wlansvc - ok
20:19:01.0630 4504 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:19:01.0689 4504 wlcrasvc - ok
20:19:01.0948 4504 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:19:02.0210 4504 wlidsvc - ok
20:19:02.0469 4504 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
20:19:02.0563 4504 WmiAcpi - ok
20:19:03.0535 4504 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
20:19:03.0606 4504 wmiApSrv - ok
20:19:03.0733 4504 WMPNetworkSvc - ok
20:19:03.0803 4504 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
20:19:03.0844 4504 WPCSvc - ok
20:19:03.0915 4504 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
20:19:03.0968 4504 WPDBusEnum - ok
20:19:04.0299 4504 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:19:04.0362 4504 ws2ifsl - ok
20:19:04.0469 4504 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
20:19:04.0543 4504 wscsvc - ok
20:19:04.0604 4504 WSearch - ok
20:19:04.0741 4504 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
20:19:04.0909 4504 wuauserv - ok
20:19:05.0365 4504 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
20:19:05.0457 4504 WudfPf - ok
20:19:05.0567 4504 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
20:19:05.0652 4504 WUDFRd - ok
20:19:05.0720 4504 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
20:19:05.0796 4504 wudfsvc - ok
20:19:05.0875 4504 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
20:19:05.0952 4504 WwanSvc - ok
20:19:06.0026 4504 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0
20:19:06.0235 4504 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:19:06.0236 4504 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:19:06.0600 4504 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:19:06.0601 4504 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:19:07.0448 4504 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
20:19:07.0669 4504 \Device\Harddisk1\DR1 - ok
20:19:07.0800 4504 Boot (0x1200) (a34c67791cd669792a9a2e3159c081f3) \Device\Harddisk0\DR0\Partition0
20:19:07.0801 4504 \Device\Harddisk0\DR0\Partition0 - ok
20:19:07.0808 4504 Boot (0x1200) (ec7d6f06d94295ad3eb8c39dc0751a60) \Device\Harddisk1\DR1\Partition0
20:19:07.0809 4504 \Device\Harddisk1\DR1\Partition0 - ok
20:19:07.0809 4504 ============================================================
20:19:07.0810 4504 Scan finished
20:19:07.0810 4504 ============================================================
20:19:07.0823 1036 Detected object count: 2
20:19:07.0823 1036 Actual detected object count: 2
20:20:39.0632 1036 \Device\Harddisk0\DR0\# - copied to quarantine
20:20:39.0643 1036 \Device\Harddisk0\DR0 - copied to quarantine
20:20:41.0571 1036 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:20:41.0618 1036 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:20:41.0659 1036 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:20:41.0697 1036 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:20:41.0785 1036 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:20:45.0477 1036 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:20:45.0542 1036 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:20:45.0547 1036 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:20:45.0553 1036 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:20:45.0560 1036 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:20:45.0607 1036 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:20:45.0623 1036 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:20:45.0755 1036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:20:45.0756 1036 \Device\Harddisk0\DR0 - ok
20:20:46.0406 1036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:20:46.0407 1036 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:20:46.0407 1036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:21:14.0216 5488 Deinitialize success
  • 0

#4
kitt0024
Posted 28 March 2012 - 09:29 PM

kitt0024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I haven't had a chance to do a whole lot yet, but google searches are ok now and machine restarts successfully for the first time in over a week. Combofix ran forever. Like at least an hour, I'd guess. Here are the logs:

ComboFix 12-03-28.02 - Janet 03/28/2012 20:33:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.4063 [GMT -5:00]
Running from: c:\users\Janet\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 02:24 . 2012-03-29 02:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 01:20 . 2012-03-29 01:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 01:19 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C1521DA-BBA0-4F3D-A2BC-F4C6CA9F56E4}\mpengine.dll
2012-03-19 15:17 . 2012-03-19 15:17 19416 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-03-19 15:17 . 2012-03-19 15:17 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-03-19 15:17 . 2012-03-19 15:17 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-03-19 15:17 . 2012-03-19 15:17 125912 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2012-03-19 15:17 . 2012-03-19 15:17 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-03-18 23:51 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-18 23:51 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-18 23:51 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-18 23:51 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-18 23:51 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-18 23:51 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 23:51 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-18 21:52 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 21:52 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-18 21:52 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-11 22:50 . 2012-03-11 22:50 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\7646.tmp
2012-03-11 22:50 . 2012-03-11 22:50 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\7617.tmp
2012-03-11 19:47 . 2012-03-11 19:47 -------- d-----w- c:\users\Janet\AppData\Local\Diagnostics
2012-03-10 20:33 . 2012-03-10 20:33 -------- d-----w- c:\users\Janet\AppData\Roaming\Amazon
2012-03-10 20:32 . 2012-03-10 20:32 -------- d-----w- c:\program files (x86)\Amazon
2012-03-06 01:05 . 2012-03-06 01:05 -------- d-----w- c:\program files (x86)\Interweave eMags
2012-03-03 19:30 . 2012-03-03 19:30 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-14 00:14 . 2012-02-14 00:14 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B6CB119-BC2A-4C72-BF6F-E69AFE851ACA}\gapaengine.dll
2012-02-08 07:13 . 2011-10-17 03:29 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-15 04:07 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 04:07 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 04:07 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 04:07 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
U.S. Bancorp - VPN Client 4.0.3.lnk - c:\program files\USBancorp\USBancorp VPN Client\vpngui.exe [2011-10-15 1459392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl97ef8a66;MpKsl97ef8a66;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CA1B51F-4310-4C34-8AE4-6778CCBFA4CB}\MpKsl97ef8a66.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-16 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-16 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-01-20 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-16 04:34]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-16 04:34]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-720849286-3220693375-4192845142-1000Core.job
- c:\users\Janet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 14:39]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-720849286-3220693375-4192845142-1000UA.job
- c:\users\Janet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 14:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 75.75.76.76
FF - ProfilePath - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\a5ywafug.default\
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\USBancorp\USBancorp VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Completion time: 2012-03-28 21:31:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-29 02:31
.
Pre-Run: 289,081,077,760 bytes free
Post-Run: 290,819,059,712 bytes free
.
- - End Of File - - 88228ED97B41D2611E25905BA375934B
  • 0

#5
kitt0024
Posted 28 March 2012 - 09:42 PM

kitt0024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
One other quick note as to how computer is running. After running combofix, I was unable to launch IE9, but a reboot seems to have resolved the issue. Rebooting no longer tries to run system repair.
  • 0

#6
maliprog
Posted 28 March 2012 - 11:17 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi kitt0024,

TDSSKiller and Combofix did great job but you are not off the hook jet. We must remove all leftovers to make sure infection won't return.

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply


Step 2


Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Step 3

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 4

Please don't forget to include these items in your reply:

  • aswMBR log
  • VRT log
  • New OTL scan log
It would be helpful if you could post each log in separate post
  • 0

#7
kitt0024
Posted 31 March 2012 - 04:24 PM

kitt0024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Sorry for the delay. Couldn't do anything Thursday night, and VRT took a LONG time to run.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-30 18:52:22
-----------------------------
18:52:22.343 OS Version: Windows x64 6.1.7601 Service Pack 1
18:52:22.343 Number of processors: 4 586 0x100
18:52:22.343 ComputerName: JANET-TOSHIBA UserName: Janet
18:52:27.569 Initialize success
18:52:58.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
18:52:58.437 Disk 0 Vendor: TOSHIBA_MK6476GSXN GB001M Size: 610480MB BusType: 11
18:52:58.500 Disk 0 MBR read successfully
18:52:58.500 Disk 0 MBR scan
18:52:58.500 Disk 0 Windows VISTA default MBR code
18:52:58.515 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:52:58.531 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 594512 MB offset 3074048
18:52:58.562 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14467 MB offset 1220634624
18:52:58.640 Disk 0 scanning C:\windows\system32\drivers
18:53:08.624 Service scanning
18:53:32.944 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:53:54.800 Modules scanning
18:53:54.816 Disk 0 trace - called modules:
18:53:54.847 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:53:54.847 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065cc060]
18:53:54.862 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8005f6d680]
18:53:54.862 Scan finished successfully
18:54:10.416 Disk 0 MBR has been saved successfully to "C:\Users\Janet\Desktop\MBR.dat"
18:54:10.416 The log file has been saved successfully to "C:\Users\Janet\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   608bytes   61 downloads

  • 0

#8
kitt0024
Posted 31 March 2012 - 04:26 PM

kitt0024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
VRT log attached

Attached Files


  • 0

#9
kitt0024
Posted 31 March 2012 - 04:27 PM

kitt0024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OTL logfile created on: 3/31/2012 5:14:57 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Janet\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 69.18% Memory free
10.96 Gb Paging File | 9.15 Gb Available in Paging File | 83.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.58 Gb Total Space | 270.60 Gb Free Space | 46.61% Space Free | Partition Type: NTFS
Drive D: | 46.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 976.13 Mb Total Space | 799.41 Mb Free Space | 81.90% Space Free | Partition Type: FAT

Computer Name: JANET-TOSHIBA | User Name: Janet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/31 17:12:45 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Janet\Desktop\OTL.exe
PRC - [2012/02/14 18:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/19 23:58:08 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
PRC - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2010/05/20 18:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/07/17 11:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2003/07/18 15:02:18 | 001,422,528 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\USBancorp\USBancorp VPN Client\cvpnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/07/17 11:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
MOD - [2007/02/07 16:51:20 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncRs.crl


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/01 13:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/24 11:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 16:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/20 18:16:30 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 19:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2003/07/18 15:02:18 | 001,422,528 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\USBancorp\USBancorp VPN Client\cvpnd.exe -- (CVPND)
SRV - [2012/01/19 23:58:08 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/05/20 18:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/31 03:21:39 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\88838379.sys -- (88838379)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/20 19:00:52 | 009,256,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 17:39:58 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 19:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 21:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/13 21:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 10:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/29 18:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {056D4033-EAFC-4E5A-A499-AD0E2974DFE9}
IE:64bit: - HKLM\..\SearchScopes\{056D4033-EAFC-4E5A-A499-AD0E2974DFE9}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {056D4033-EAFC-4E5A-A499-AD0E2974DFE9}
IE - HKLM\..\SearchScopes\{056D4033-EAFC-4E5A-A499-AD0E2974DFE9}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com
IE - HKCU\..\SearchScopes,DefaultScope = {BCA082B1-A84D-4145-8988-9EA780CB698A}
IE - HKCU\..\SearchScopes\{056D4033-EAFC-4E5A-A499-AD0E2974DFE9}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
IE - HKCU\..\SearchScopes\{BCA082B1-A84D-4145-8988-9EA780CB698A}: "URL" = http://www.google.co...1I7TSNP_enUS453
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Janet\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Janet\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Janet\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Janet\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/20 22:38:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/23 17:43:29 | 000,000,000 | ---D | M]

[2011/10/16 15:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janet\AppData\Roaming\Mozilla\Extensions
[2011/10/16 15:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/19 10:17:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/23 17:43:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2012/03/19 10:16:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/19 10:16:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Janet\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Janet\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/03/28 21:26:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKLM..\RunOnce: [GrpConv] C:\windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B917922F-3D1F-49A1-B54B-6727F94A2346}: DhcpNameServer = 8.8.8.8 8.8.4.4 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/28 17:59:17 | 000,000,163 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 17:12:45 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Janet\Desktop\OTL.exe
[2012/03/30 19:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/03/30 19:02:22 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\88838379.sys
[2012/03/30 18:51:45 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Janet\Desktop\aswMBR.exe
[2012/03/28 22:18:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/28 21:31:29 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/03/28 20:31:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/03/28 20:31:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/03/28 20:31:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/03/28 20:31:28 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/03/28 20:31:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/28 20:20:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/28 20:16:05 | 004,448,457 | R--- | C] (Swearware) -- C:\Users\Janet\Desktop\ComboFix.exe
[2012/03/28 20:15:02 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Janet\Desktop\tdsskiller.exe
[2012/03/11 14:47:46 | 000,000,000 | ---D | C] -- C:\Users\Janet\AppData\Local\Diagnostics
[2012/03/10 15:45:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/03/10 15:33:13 | 000,000,000 | ---D | C] -- C:\Users\Janet\Documents\Amazon MP3
[2012/03/10 15:33:13 | 000,000,000 | ---D | C] -- C:\Users\Janet\AppData\Roaming\Amazon
[2012/03/10 15:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/03/05 20:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interweave eMags
[2012/03/05 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Interweave eMags
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/31 17:12:45 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Janet\Desktop\OTL.exe
[2012/03/31 16:55:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-720849286-3220693375-4192845142-1000UA.job
[2012/03/31 16:32:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 16:00:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/31 03:21:39 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\88838379.sys
[2012/03/30 21:55:01 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-720849286-3220693375-4192845142-1000Core.job
[2012/03/30 21:11:15 | 000,000,944 | -HS- | M] () -- C:\windows\0252566drv.spi
[2012/03/30 19:32:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/30 18:57:37 | 127,438,480 | ---- | M] () -- C:\Users\Janet\Desktop\setup_11.0.0.1245.x01_2012_03_31_03_21.exe
[2012/03/30 18:57:01 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 18:57:01 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 18:55:18 | 000,733,756 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/30 18:55:18 | 000,629,182 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/30 18:55:18 | 000,108,366 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/30 18:54:10 | 000,000,512 | ---- | M] () -- C:\Users\Janet\Desktop\MBR.dat
[2012/03/30 18:52:10 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Janet\Desktop\aswMBR.exe
[2012/03/30 18:49:30 | 117,010,431 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/28 21:26:25 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/03/28 20:16:14 | 004,448,457 | R--- | M] (Swearware) -- C:\Users\Janet\Desktop\ComboFix.exe
[2012/03/28 20:15:06 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Janet\Desktop\tdsskiller.exe
[2012/03/19 11:57:58 | 000,746,970 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/19 11:50:16 | 000,418,232 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/19 10:32:06 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2012/03/10 19:01:51 | 000,857,813 | ---- | M] () -- C:\Users\Janet\Desktop\million-pound-pledge-rebate-form-sd.pdf
[2012/03/05 20:05:15 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\ColorKnits Fall 2011.lnk
[2012/03/05 19:09:58 | 004,519,131 | ---- | M] () -- C:\Users\Janet\Desktop\2012_chevrolet_equinox_owners.pdf
[2012/03/05 15:00:36 | 000,668,768 | ---- | M] () -- C:\Users\Janet\Desktop\fresh_flow_pump_instruction_sheet.pdf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/30 19:27:06 | 000,000,944 | -HS- | C] () -- C:\windows\0252566drv.spi
[2012/03/30 18:55:48 | 127,438,480 | ---- | C] () -- C:\Users\Janet\Desktop\setup_11.0.0.1245.x01_2012_03_31_03_21.exe
[2012/03/30 18:54:10 | 000,000,512 | ---- | C] () -- C:\Users\Janet\Desktop\MBR.dat
[2012/03/28 20:31:33 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/03/28 20:31:33 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/03/28 20:31:33 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/03/28 20:31:33 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/03/28 20:31:33 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/03/19 10:32:06 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2012/03/10 19:01:49 | 000,857,813 | ---- | C] () -- C:\Users\Janet\Desktop\million-pound-pledge-rebate-form-sd.pdf
[2012/03/05 20:05:15 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\ColorKnits Fall 2011.lnk
[2012/03/05 19:09:54 | 004,519,131 | ---- | C] () -- C:\Users\Janet\Desktop\2012_chevrolet_equinox_owners.pdf
[2012/03/05 15:00:34 | 000,668,768 | ---- | C] () -- C:\Users\Janet\Desktop\fresh_flow_pump_instruction_sheet.pdf
[2011/10/16 22:24:29 | 000,746,970 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/09/15 23:18:15 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/09/15 23:14:03 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2011/09/15 23:13:18 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/09/15 23:11:07 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini
[2011/02/03 21:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/03/10 15:33:13 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Amazon
[2011/11/14 22:18:24 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Book Place
[2011/12/23 17:43:29 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Catalina Marketing Corp
[2012/03/30 18:50:30 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Dropbox
[2011/12/22 11:08:38 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\PrimoPDF
[2011/10/22 13:04:06 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\TeraCopy
[2011/10/16 16:19:47 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Tific
[2011/10/15 17:47:10 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Toshiba
[2011/10/15 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\WinBatch
[2009/07/14 00:08:49 | 000,012,158 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#10
kitt0024
Posted 31 March 2012 - 04:34 PM

kitt0024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Maliprog, thank you so much for your help so far with my laptop. I have an older laptop that I was using while the primary laptop was down due to this infection. The two are on the same network, have access to each other's shared folders, and I sometimes copy files between them. Last night I noticed the older Dell laptop is experiencing google link hijacks in IE. It's the first sign of any problem I've seen and had recently run an AVG scan on it with no issues detected. However, I am now concerned the malware has spread to it too and have shut it down and not done anything with it since. If I post an OTL log here, can you help me verify whether it now has the same infection? If I need to start over in the main forum, I understand, so wanted to ask before posting the log in this thread.

Thanks again for your generous help.
  • 0

Advertisements

#11
maliprog
Posted 01 April 2012 - 11:42 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi kitt0024,

This PC is clean now. I'm glad we fix up your computer.

Don't transfer any files between these two notebooks. I'll help you with second one here in this thread. All my steps from now are related to this older notebook.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in separate post
  • 0

#12
kitt0024
Posted 02 April 2012 - 12:17 PM

kitt0024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thanks again, Mali. Here is the new OTL log for the other PC.

OTL logfile created on: 4/2/2012 10:19:39 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Janet\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.99% Memory free
3.84 Gb Paging File | 3.25 Gb Available in Paging File | 84.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 96.53 Gb Free Space | 65.90% Space Free | Partition Type: NTFS
Drive F: | 15.43 Gb Total Space | 11.40 Gb Free Space | 73.86% Space Free | Partition Type: FAT32

Computer Name: VOSTRO1500 | User Name: Janet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/02 10:04:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.scr
PRC - [2012/02/14 18:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Janet\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/10/11 04:19:14 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2009/11/13 15:27:49 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/12/24 16:39:11 | 001,258,840 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/01 15:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/10/11 09:49:50 | 000,465,136 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
PRC - [2007/07/17 11:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2007/06/06 16:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/12/28 15:36:02 | 000,303,104 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/08/17 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2003/07/18 15:02:18 | 001,422,528 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\USBancorp\USBancorp VPN Client\cvpnd.exe
PRC - [2002/05/22 12:42:36 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\Handspring\HOTSYNC.EXE
PRC - [2002/04/17 11:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 11:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/14 22:56:24 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2008/03/24 23:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007/12/11 14:22:30 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2007/12/11 14:21:52 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/07/17 11:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
MOD - [2007/02/07 16:51:20 | 000,188,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncRs.crl
MOD - [2006/12/11 15:12:04 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2002/04/17 11:49:22 | 000,024,576 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 11:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/11 04:19:14 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/03/26 17:08:40 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2007/10/11 09:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2003/07/18 15:02:18 | 001,422,528 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\USBancorp\USBancorp VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/10/23 00:24:38 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2007/12/11 14:22:24 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/23 18:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/06/06 16:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/08 22:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 22:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 22:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 22:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/11/16 16:42:48 | 000,045,056 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iviVD.sys -- (iviVD)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/07/18 15:01:28 | 000,268,360 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2003/03/03 14:08:56 | 000,176,896 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002/08/26 17:09:42 | 000,138,916 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2002/05/22 12:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "GoodSearch"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1423


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Janet\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Janet\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Janet\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Janet\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Janet\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Janet\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 10:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 16:41:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/18 16:41:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Janet\Application Data\Move Networks [2009/10/25 21:28:25 | 000,000,000 | ---D | M]

[2008/09/15 17:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Extensions
[2012/03/30 19:58:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\b2qrf00f.default\extensions
[2009/09/08 21:17:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\b2qrf00f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/07/17 20:31:42 | 000,000,000 | ---D | M] (Map+) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\b2qrf00f.default\extensions\{5359A5B3-9AFD-49ee-8C39-0A8F97A2A2D6}
[2011/12/19 15:56:31 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\b2qrf00f.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2010/01/31 15:53:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\b2qrf00f.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/12/19 15:56:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\b2qrf00f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/19 15:56:41 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\b2qrf00f.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2008/05/27 21:24:56 | 000,001,045 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\b2qrf00f.default\searchplugins\goodsearch.xml
[2012/03/30 19:58:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/05 17:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2009/10/25 21:28:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\JANET\APPLICATION DATA\MOVE NETWORKS
[2012/02/03 10:05:15 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2009/04/22 21:43:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/11/28 13:20:25 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2012/04/02 10:03:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Update] C:\Documents and Settings\Janet\Application Data\BitTorrent\BitTorrent\buhjtfc.dll (Crytek GmbH)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\U.S. Bancorp - VPN Client 4.0.3.lnk = C:\Program Files\USBancorp\USBancorp VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Janet\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Janet\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Janet\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\Janet\Start Menu\Programs\Startup\Sprint media monitor.lnk = C:\WINDOWS\RM.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.micr...9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://usbportal.us...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE81081-AB5E-45A6-857A-87F57BF47C04}: DhcpNameServer = 8.8.8.8 8.8.4.4 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Janet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Janet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{daff130a-cdf6-11dd-bd0f-001f3a5d5041}\Shell - "" = AutoRun
O33 - MountPoints2\{daff130a-cdf6-11dd-bd0f-001f3a5d5041}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{daff130a-cdf6-11dd-bd0f-001f3a5d5041}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/02 10:04:50 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.scr
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/02 10:15:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/02 10:15:26 | 2137,038,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/02 10:13:48 | 000,443,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/02 10:13:48 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/02 10:08:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2228565510-2934158570-1151312419-1006UA.job
[2012/04/02 10:04:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.scr
[2012/04/02 10:03:49 | 000,001,732 | -H-- | M] () -- C:\Documents and Settings\Janet\My Documents\Default.rdp
[2012/03/30 18:58:25 | 093,165,119 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/03/30 12:08:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2228565510-2934158570-1151312419-1006Core.job
[2012/03/28 21:36:04 | 000,002,613 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro Studio.lnk
[2012/03/16 18:57:32 | 000,231,780 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/15 23:53:55 | 000,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 20:27:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/11 16:11:25 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Janet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/14 22:43:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/27 18:37:51 | 000,001,265 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/11/24 19:01:25 | 000,018,187 | ---- | C] () -- C:\Program Files\Common Files\bookmarks.html
[2010/10/18 17:16:33 | 000,032,496 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/09 18:21:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Janet\Local Settings\Application Data\prvlcl.dat

========== LOP Check ==========

[2010/11/15 11:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/13 13:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/11/19 18:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/11/15 11:18:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/24 18:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2012/01/17 22:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/14 21:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/03/22 03:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/03/28 17:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/04/12 11:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2008/09/05 17:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/08 19:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/02/10 00:41:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{438914D2-3454-4B38-AC4F-D34204727071}
[2009/02/14 15:51:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C6B2832F-43D8-4E6B-8D87-20BEDCB9687D}
[2009/01/09 00:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\$CUERoot$
[2010/11/15 11:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\AVG10
[2012/03/30 20:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\BitTorrent
[2012/04/02 10:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\DNA
[2012/04/02 10:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Dropbox
[2009/11/28 13:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\E-centives
[2009/08/23 13:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\GARMIN
[2008/06/11 21:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Helios
[2011/11/11 09:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Juniper Networks
[2008/04/03 16:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Mobipocket
[2009/04/14 22:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\pdf995
[2009/03/28 17:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Smith Micro
[2010/04/12 11:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\TaxCut

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/18 16:41:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/18 16:41:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/18 16:41:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/18 16:41:35 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/18 16:41:35 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/18 16:41:35 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/12/16 06:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/18 16:41:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/18 16:41:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/18 16:41:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/18 16:41:35 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/18 16:41:35 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/18 16:41:35 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/12/16 06:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >
  • 0

#13
kitt0024
Posted 02 April 2012 - 12:19 PM

kitt0024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
and extra.txt

OTL Extras logfile created on: 4/2/2012 10:19:39 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Janet\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.99% Memory free
3.84 Gb Paging File | 3.25 Gb Available in Paging File | 84.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 96.53 Gb Free Space | 65.90% Space Free | Partition Type: NTFS
Drive F: | 15.43 Gb Total Space | 11.40 Gb Free Space | 73.86% Space Free | Partition Type: FAT32

Computer Name: VOSTRO1500 | User Name: Janet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\activePDF\PrimoPDF\PrimoPDF.exe" = C:\Program Files\activePDF\PrimoPDF\PrimoPDF.exe:*:Disabled:PrimoPDF -- (activePDF)
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004 -- (Macromedia, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Documents and Settings\Janet\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Janet\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Janet\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Janet\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{14C9AE19-4254-4280-ACD3-E159231DC2CD}" = Garmin Communicator Plugin
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1A2E804D-0AB2-424A-A72E-E104E5C4A0B8}" = MapSource - US Topo 24K National Parks, West v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2514199A-EB1C-4BAF-9D2D-BE02AFFBBC95}" = Sock Wizard V2
"{259AB190-2A94-4970-9FE8-1E9361B0CC9B}" = MapSource - US Topo 24K National Parks, Central v3
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45AB2DEF-2577-43CC-95FF-A027AD6ADFE8}" = Sweater Wizard V3
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6CC93102-135E-49E2-99A4-C431E671C12A}" = HP Photo and Imaging 2.0 - Scanners
"{73AA12E1-5FFD-4545-9A28-CE7C318F284E}" = AVG 2011
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8912A802-1DD4-41F3-8450-B3209081BDB9}" = Sprint media manager
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92A0792A-E771-4C4A-9A4A-C2917AA19EEA}" = H&R Block Basic + Efile 2009
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9DA735C0-3C3E-4CB3-BC26-BE95E768115F}" = Garmin City Navigator North America NT 2009 Update
"{9DBCAEDF-4853-437F-8B62-9C3B1267E9A4}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A75949C3-DC28-42CA-9C56-24C002B93D89}" = Garmin City Navigator North America v8
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop and Synchronization Software
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC1EBED4-B5A0-4F55-8B12-14CE39A8235B}" = TaxCut Standard + Efile 2008
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FB833199-D442-47F6-B8C9-A756078B7B3C}" = Garmin Inland Lakes v3
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3 Plugin
"AVG" = AVG 2011
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"DVD Identifier_is1" = DVD Identifier
"ERUNT_is1" = ERUNT 1.1j
"FLV Player" = FLV Player 2.0 (build 25)
"Google Desktop" = Google Desktop
"GSAK_is1" = GSAK 7.7.1.34 (Final)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"hp instant support" = hp instant support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{259AB190-2A94-4970-9FE8-1E9361B0CC9B}" = MapSource - US Topo 24K National Parks, Central v3
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PrimoPDF4.1.0.9" = PrimoPDF
"PuTTY_is1" = PuTTY version 0.60
"SearchAssist" = SearchAssist
"Secure iXplorer GPL_is1" = Secure iXplorer 0.19b
"Sock Wizard V2" = Sock Wizard V2
"Sweater Wizard V3" = Sweater Wizard V3
"SynTPDeinstKey" = Dell Touchpad
"SysInfo" = Creative System Information
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/31/2012 2:22:26 AM | Computer Name = VOSTRO1500 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1969

Error - 3/31/2012 2:22:28 AM | Computer Name = VOSTRO1500 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/31/2012 2:22:28 AM | Computer Name = VOSTRO1500 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4141

Error - 3/31/2012 2:22:28 AM | Computer Name = VOSTRO1500 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4141

Error - 3/31/2012 2:22:30 AM | Computer Name = VOSTRO1500 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/31/2012 2:22:30 AM | Computer Name = VOSTRO1500 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6109

Error - 3/31/2012 2:22:30 AM | Computer Name = VOSTRO1500 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6109

Error - 3/31/2012 2:22:32 AM | Computer Name = VOSTRO1500 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/31/2012 2:22:32 AM | Computer Name = VOSTRO1500 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8078

Error - 3/31/2012 2:22:32 AM | Computer Name = VOSTRO1500 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8078

[ System Events ]
Error - 3/19/2012 10:35:03 AM | Computer Name = VOSTRO1500 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.133.206.22 for the Network Card with network
address 00FF904A5A8A has been denied by the DHCP server 10.127.190.121 (The DHCP
Server sent a DHCPNACK message).

Error - 3/19/2012 7:17:11 PM | Computer Name = VOSTRO1500 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 3/19/2012 7:17:11 PM | Computer Name = VOSTRO1500 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 3/20/2012 8:30:11 PM | Computer Name = VOSTRO1500 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.115 on
the Network Card with network address 001F3A5D5041.

Error - 3/20/2012 8:30:38 PM | Computer Name = VOSTRO1500 | Source = iviVD | ID = 262153
Description = The device, \Device\Scsi\iviVD1, did not respond within the timeout
period.

Error - 3/26/2012 10:33:58 AM | Computer Name = VOSTRO1500 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.133.199.75 for the Network Card with network
address 00FF904A5A8A has been denied by the DHCP server 10.127.190.121 (The DHCP
Server sent a DHCPNACK message).

Error - 3/26/2012 7:47:11 PM | Computer Name = VOSTRO1500 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 3/26/2012 7:47:11 PM | Computer Name = VOSTRO1500 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/2/2012 10:40:58 AM | Computer Name = VOSTRO1500 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.115 on
the Network Card with network address 001F3A5D5041.

Error - 4/2/2012 10:41:16 AM | Computer Name = VOSTRO1500 | Source = iviVD | ID = 262153
Description = The device, \Device\Scsi\iviVD1, did not respond within the timeout
period.


< End of report >
  • 0

#14
kitt0024
Posted 02 April 2012 - 12:20 PM

kitt0024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
and the gmer results (not looking good from my limited knowledge)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-02 12:22:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_HM160HI rev.HH100-11
Running: u475gdfs.exe; Driver: C:\DOCUME~1\Janet\LOCALS~1\Temp\kxtcyfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xBA459738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xBA4597DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xBA459878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xBA459914]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
  • 0

#15
maliprog
Posted 02 April 2012 - 11:19 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi kitt0024,

Let's take deeper look to see what are we dealing with.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply
Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP