blue screen of death twice



#1
elliebelliexo


    New Member

  • Member
  • Pip
  • 4 posts
let my friend borrow my computer for a week or so and ever since i have gotten it back the blank blue screen has appeared twice. also every program is running slowly and the computer takes almost 5 minutes to boot up. the cursor also freezes. firefox is especially slow and freezes and stops responding frequently. when i try to watch youtube or any videos they skip and freeze and won't load. i have run multiple scans with avast, malwarebytes and super antispyware in both safe mode and regular mode, nothing comes up on any of them. thanks for any help. -Danielle

OTL logfile created on: 4/1/2012 12:23:58 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Danielle\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.79% Memory free
3.33 Gb Paging File | 2.36 Gb Available in Paging File | 71.04% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.55 Gb Total Space | 109.41 Gb Free Space | 77.29% Space Free | Partition Type: NTFS

Computer Name: ELLIE_NETBOOK | User Name: Danielle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/01 12:12:39 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danielle\My Documents\Downloads\OTL.exe
PRC - [2012/03/29 22:37:11 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/09 20:09:36 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/17 18:15:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/02 22:32:50 | 000,073,728 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2009/04/01 21:48:08 | 000,210,232 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2009/03/18 09:49:28 | 000,827,392 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2009/03/17 14:36:00 | 000,283,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2009/03/06 07:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2009/03/06 07:26:06 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/10/11 03:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/08/22 14:26:38 | 000,523,320 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2008/07/01 18:03:06 | 000,038,200 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2008/05/21 17:07:00 | 000,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/04/13 21:16:16 | 000,311,296 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2005/06/06 13:58:44 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
PRC - [2005/01/17 19:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/01 04:41:15 | 001,752,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12040100\algo.dll
MOD - [2012/03/29 22:37:05 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/29 22:34:42 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/03/29 22:34:42 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/03/29 13:57:40 | 001,752,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032901\algo.dll
MOD - [2012/02/24 18:24:55 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/11 18:48:56 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/11 18:48:55 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/03 11:49:54 | 000,024,576 | ---- | M] () -- C:\Program Files\TOSHIBA\TouchPad\TPECioctl.dll
MOD - [2009/04/02 14:54:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\TPeculiarity.dll
MOD - [2009/04/02 13:35:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\EKECioCtl.dll
MOD - [2009/04/01 22:47:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\EBLib.DLL
MOD - [2009/03/13 18:05:14 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll
MOD - [2009/02/27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008/05/21 17:07:00 | 000,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/17 18:15:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/03/06 07:26:06 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/10/11 03:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/08/22 14:26:38 | 000,523,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2008/05/21 17:07:00 | 000,111,984 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2005/01/17 19:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/11 18:45:17 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/11 18:45:17 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/03/26 14:37:44 | 000,048,176 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cec_uvc.sys -- (cecnuvc)
DRV - [2009/03/26 14:09:20 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2009/03/12 20:25:12 | 005,051,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/12 18:09:54 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/02/13 22:00:02 | 001,503,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/01/30 21:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2009/01/22 20:25:26 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/21 14:35:24 | 000,028,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2008/08/05 23:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/24 17:40:58 | 000,017,192 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2008/02/07 04:23:46 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/04 14:14:06 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2007/03/26 15:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/22 19:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/19 15:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2006/10/23 20:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/01/04 18:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\..\SearchScopes\{104AD479-C906-4DBA-BA6A-33A175A7DA2D}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/18 13:35:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/29 22:37:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/23 17:10:05 | 000,000,000 | ---D | M]

[2011/03/11 19:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Extensions
[2011/05/06 20:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ywnmj2pz.default\extensions
[2011/05/03 11:47:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ywnmj2pz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/11 19:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/18 13:35:59 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/04/06 14:57:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/29 22:37:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/17 22:31:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/17 22:31:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe ()
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFC064D9-B47E-4D89-BADF-0C74A128D98F}: DhcpNameServer = 192.168.1.1 71.250.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Soap Bubbles.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Soap Bubbles.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/06 14:11:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/01 11:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danielle\Start Menu\Programs\HiJackThis
[2012/04/01 11:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/15 00:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/15 00:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/15 00:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/01 12:31:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CF0FFDB1-1CAD-4533-81A3-6DC92CC421B0}.job
[2012/04/01 12:23:31 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\Shortcut to OTL.exe.lnk
[2012/04/01 12:12:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3222533598-4246846049-1179278836-1005UA.job
[2012/04/01 12:00:05 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\HiJackThis.lnk
[2012/03/31 14:12:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3222533598-4246846049-1179278836-1005Core.job
[2012/03/29 22:38:19 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/29 22:33:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/29 22:32:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/29 22:32:02 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 20:17:30 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/18 13:36:01 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/15 01:01:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/03/15 01:01:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Danielle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/15 00:51:04 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/14 23:52:58 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 20:04:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/11 23:39:25 | 000,445,946 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 23:39:24 | 000,073,368 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 19:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/03 13:29:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/01 12:23:31 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\Danielle\Desktop\Shortcut to OTL.exe.lnk
[2012/04/01 11:59:18 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Danielle\Desktop\HiJackThis.lnk
[2012/03/18 22:59:03 | 2137,444,352 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/15 00:51:04 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/14 23:15:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/12 19:04:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 21:03:44 | 000,057,896 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/27 22:25:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Danielle\Application Data\wklnhst.dat
[2011/03/11 19:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2009/04/06 15:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2009/04/06 14:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinBatch
[2011/03/11 19:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/07 22:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/12/25 13:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2009/04/06 15:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista32
[2009/04/06 15:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64
[2009/04/06 15:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP
[2011/04/05 21:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/19 01:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danielle\Application Data\Amazon
[2009/04/06 15:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danielle\Application Data\toshiba
[2009/04/06 14:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danielle\Application Data\WinBatch
[2009/04/06 15:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2009/04/06 14:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\WinBatch
[2012/03/29 22:38:19 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/04/01 12:36:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CF0FFDB1-1CAD-4533-81A3-6DC92CC421B0}.job

========== Purity Check ==========



< End of report >


#2
Gammo


    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
elliebelliexo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
my computer has booted up into a blank blue screen twice and once turned blue while i was in the middle of using it. every program is running slowly and the computer takes almost 5 minutes to boot up. the cursor freezes. the internet is especially slow. it freezes and stops responding frequently. lately it will take me ten tries just to get it to load. when i try to watch youtube or any videos they skip and freeze and won't load. i have run multiple scans with avast, malwarebytes and super antispyware in both safe mode and regular mode, nothing comes up on any of them. thanks for any help.

i ran the scan again. only one note pad window came up, the one titled OTL.txt


OTL logfile created on: 4/7/2012 3:00:59 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Danielle\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.69% Memory free
3.33 Gb Paging File | 2.77 Gb Available in Paging File | 83.28% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.55 Gb Total Space | 109.49 Gb Free Space | 77.35% Space Free | Partition Type: NTFS

Computer Name: ELLIE_NETBOOK | User Name: Danielle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/01 12:12:39 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danielle\My Documents\Downloads\OTL.exe
PRC - [2012/03/09 20:09:36 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/17 18:15:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/02 22:32:50 | 000,073,728 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2009/04/01 21:48:08 | 000,210,232 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2009/03/18 09:49:28 | 000,827,392 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2009/03/17 14:36:00 | 000,283,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2009/03/06 07:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2009/03/06 07:26:06 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/10/11 03:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/08/22 14:26:38 | 000,523,320 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2008/07/01 18:03:06 | 000,038,200 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2008/05/21 17:07:00 | 000,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/04/13 21:16:16 | 000,311,296 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2005/06/06 13:58:44 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
PRC - [2005/01/17 19:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/07 14:52:33 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/07 14:52:33 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/07 13:07:21 | 001,755,136 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12040701\algo.dll
MOD - [2012/04/05 14:46:48 | 001,755,136 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12040501\algo.dll
MOD - [2011/08/11 18:48:56 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/11 18:48:55 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/03 11:49:54 | 000,024,576 | ---- | M] () -- C:\Program Files\TOSHIBA\TouchPad\TPECioctl.dll
MOD - [2009/04/02 14:54:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\TPeculiarity.dll
MOD - [2009/04/02 13:35:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\EKECioCtl.dll
MOD - [2009/04/01 22:47:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\EBLib.DLL
MOD - [2009/03/13 18:05:14 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll
MOD - [2008/05/21 17:07:00 | 000,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/17 18:15:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/03/06 07:26:06 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/10/11 03:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/08/22 14:26:38 | 000,523,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2008/05/21 17:07:00 | 000,111,984 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2005/01/17 19:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/11 18:45:17 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/11 18:45:17 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/03/26 14:37:44 | 000,048,176 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cec_uvc.sys -- (cecnuvc)
DRV - [2009/03/26 14:09:20 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2009/03/12 20:25:12 | 005,051,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/12 18:09:54 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/02/13 22:00:02 | 001,503,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/01/30 21:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2009/01/22 20:25:26 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/21 14:35:24 | 000,028,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2008/08/05 23:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/24 17:40:58 | 000,017,192 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2008/02/07 04:23:46 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/04 14:14:06 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2007/03/26 15:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/22 19:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/19 15:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2006/10/23 20:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/01/04 18:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\..\SearchScopes\{104AD479-C906-4DBA-BA6A-33A175A7DA2D}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/18 13:35:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/29 22:37:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/23 17:10:05 | 000,000,000 | ---D | M]

[2011/03/11 19:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Extensions
[2011/05/06 20:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ywnmj2pz.default\extensions
[2011/05/03 11:47:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ywnmj2pz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/11 19:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/18 13:35:59 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/04/06 14:57:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/29 22:37:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/17 22:31:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/17 22:31:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe ()
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3222533598-4246846049-1179278836-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFC064D9-B47E-4D89-BADF-0C74A128D98F}: DhcpNameServer = 192.168.1.1 71.250.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Soap Bubbles.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Soap Bubbles.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/06 14:11:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/01 11:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danielle\Start Menu\Programs\HiJackThis
[2012/04/01 11:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/15 00:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/15 00:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/15 00:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/07 15:06:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CF0FFDB1-1CAD-4533-81A3-6DC92CC421B0}.job
[2012/04/07 14:56:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/07 14:51:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/07 14:50:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/07 14:50:03 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/05 23:12:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3222533598-4246846049-1179278836-1005UA.job
[2012/04/01 14:12:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3222533598-4246846049-1179278836-1005Core.job
[2012/04/01 12:23:31 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\Shortcut to OTL.exe.lnk
[2012/04/01 12:00:05 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\HiJackThis.lnk
[2012/03/18 20:17:30 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/18 13:36:01 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/15 01:01:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/03/15 01:01:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Danielle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/15 00:51:04 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/14 23:52:58 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 20:04:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/11 23:39:25 | 000,445,946 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 23:39:24 | 000,073,368 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/01 12:23:31 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\Danielle\Desktop\Shortcut to OTL.exe.lnk
[2012/04/01 11:59:18 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Danielle\Desktop\HiJackThis.lnk
[2012/03/18 22:59:03 | 2137,444,352 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/15 00:51:04 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/14 23:15:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/12 19:04:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 21:03:44 | 000,057,896 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/27 22:25:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Danielle\Application Data\wklnhst.dat
[2011/03/11 19:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2009/04/06 15:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2009/04/06 14:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinBatch
[2011/03/11 19:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/07 22:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/12/25 13:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2009/04/06 15:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista32
[2009/04/06 15:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64
[2009/04/06 15:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP
[2011/04/05 21:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/19 01:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danielle\Application Data\Amazon
[2009/04/06 15:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danielle\Application Data\toshiba
[2009/04/06 14:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danielle\Application Data\WinBatch
[2009/04/06 15:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2009/04/06 14:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\WinBatch
[2012/04/07 14:56:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/04/07 15:06:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CF0FFDB1-1CAD-4533-81A3-6DC92CC421B0}.job

========== Purity Check ==========



< End of report >

#4
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
I notice you have multiple anti-virus programs on your PC: Avast and Microsoft Security Essentials. You should never have more than one anti-virus on a PC, so please uninstall one of them. It's up to you which one you want to remove, but I suggest you uninstall Microsoft Security Essentials. :thumbsup:





Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.





Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.





Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

#5
elliebelliexo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
11:00:48.0218 2476 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
11:00:48.0500 2476 ============================================================
11:00:48.0500 2476 Current date / time: 2012/04/08 11:00:48.0500
11:00:48.0500 2476 SystemInfo:
11:00:48.0500 2476
11:00:48.0500 2476 OS Version: 5.1.2600 ServicePack: 3.0
11:00:48.0500 2476 Product type: Workstation
11:00:48.0500 2476 ComputerName: ELLIE_NETBOOK
11:00:48.0500 2476 UserName: Danielle
11:00:48.0500 2476 Windows directory: C:\WINDOWS
11:00:48.0500 2476 System windows directory: C:\WINDOWS
11:00:48.0500 2476 Processor architecture: Intel x86
11:00:48.0500 2476 Number of processors: 2
11:00:48.0500 2476 Page size: 0x1000
11:00:48.0500 2476 Boot type: Normal boot
11:00:48.0500 2476 ============================================================
11:00:49.0343 2476 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:00:49.0343 2476 \Device\Harddisk0\DR0:
11:00:49.0343 2476 MBR used
11:00:49.0343 2476 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11B18E6F
11:00:49.0359 2476 Initialize success
11:00:49.0359 2476 ============================================================
11:02:18.0093 3768 ============================================================
11:02:18.0093 3768 Scan started
11:02:18.0093 3768 Mode: Manual; SigCheck; TDLFS;
11:02:18.0093 3768 ============================================================
11:02:18.0406 3768 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:02:18.0656 3768 !SASCORE - ok
11:02:18.0937 3768 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
11:02:19.0031 3768 Aavmker4 - ok
11:02:19.0046 3768 Abiosdsk - ok
11:02:19.0062 3768 abp480n5 - ok
11:02:19.0093 3768 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:02:19.0578 3768 ACPI - ok
11:02:19.0796 3768 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:02:20.0015 3768 ACPIEC - ok
11:02:20.0078 3768 ACS (75265152c2a2d1cbd2df180d63081d01) C:\WINDOWS\system32\acs.exe
11:02:20.0109 3768 ACS ( UnsignedFile.Multi.Generic ) - warning
11:02:20.0109 3768 ACS - detected UnsignedFile.Multi.Generic (1)
11:02:20.0250 3768 adpu160m - ok
11:02:20.0281 3768 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:02:20.0531 3768 aec - ok
11:02:20.0593 3768 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:02:20.0625 3768 AFD - ok
11:02:20.0781 3768 Aha154x - ok
11:02:20.0796 3768 aic78u2 - ok
11:02:20.0812 3768 aic78xx - ok
11:02:20.0843 3768 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:02:21.0062 3768 Alerter - ok
11:02:21.0093 3768 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:02:21.0187 3768 ALG - ok
11:02:21.0328 3768 AliIde - ok
11:02:21.0406 3768 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
11:02:21.0562 3768 Ambfilt - ok
11:02:21.0718 3768 amsint - ok
11:02:21.0781 3768 ApfiltrService (95116e2bcfaf5a36af0369050e92b9a5) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
11:02:21.0796 3768 ApfiltrService - ok
11:02:21.0937 3768 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:02:21.0953 3768 Apple Mobile Device - ok
11:02:22.0062 3768 AppMgmt - ok
11:02:22.0187 3768 AR5416 (864160f5f4fbdd97b6a686854bfebd86) C:\WINDOWS\system32\DRIVERS\athw.sys
11:02:22.0296 3768 AR5416 - ok
11:02:22.0437 3768 asc - ok
11:02:22.0453 3768 asc3350p - ok
11:02:22.0484 3768 asc3550 - ok
11:02:22.0593 3768 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:02:22.0656 3768 aspnet_state - ok
11:02:22.0843 3768 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:02:22.0875 3768 aswFsBlk - ok
11:02:22.0890 3768 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
11:02:22.0906 3768 aswMon2 - ok
11:02:22.0953 3768 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
11:02:22.0968 3768 aswRdr - ok
11:02:23.0031 3768 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
11:02:23.0078 3768 aswSnx - ok
11:02:23.0281 3768 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
11:02:23.0312 3768 aswSP - ok
11:02:23.0343 3768 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
11:02:23.0359 3768 aswTdi - ok
11:02:23.0390 3768 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:02:23.0609 3768 AsyncMac - ok
11:02:23.0656 3768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:02:23.0875 3768 atapi - ok
11:02:24.0015 3768 Atdisk - ok
11:02:24.0062 3768 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:02:24.0312 3768 Atmarpc - ok
11:02:24.0359 3768 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:02:24.0578 3768 AudioSrv - ok
11:02:24.0656 3768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:02:24.0859 3768 audstub - ok
11:02:24.0984 3768 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:02:25.0015 3768 avast! Antivirus - ok
11:02:25.0171 3768 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:02:25.0390 3768 Beep - ok
11:02:25.0500 3768 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:02:25.0750 3768 BITS - ok
11:02:25.0890 3768 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
11:02:25.0937 3768 Bonjour Service - ok
11:02:26.0062 3768 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:02:26.0281 3768 Browser - ok
11:02:26.0390 3768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:02:26.0609 3768 cbidf2k - ok
11:02:26.0718 3768 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:02:26.0953 3768 CCDECODE - ok
11:02:27.0062 3768 cd20xrnt - ok
11:02:27.0234 3768 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:02:27.0437 3768 Cdaudio - ok
11:02:27.0562 3768 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:02:27.0781 3768 Cdfs - ok
11:02:27.0843 3768 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\drivers\Cdrom.sys
11:02:28.0062 3768 Cdrom - ok
11:02:28.0203 3768 cecnuvc (8f71e5e7b51450a11ab4530d6b3d5574) C:\WINDOWS\system32\Drivers\cec_uvc.sys
11:02:28.0218 3768 cecnuvc - ok
11:02:28.0359 3768 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
11:02:28.0375 3768 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
11:02:28.0375 3768 CFSvcs - detected UnsignedFile.Multi.Generic (1)
11:02:28.0453 3768 Changer - ok
11:02:28.0484 3768 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:02:28.0703 3768 CiSvc - ok
11:02:28.0781 3768 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:02:29.0015 3768 ClipSrv - ok
11:02:29.0140 3768 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:02:29.0218 3768 clr_optimization_v2.0.50727_32 - ok
11:02:29.0328 3768 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:02:29.0531 3768 CmBatt - ok
11:02:29.0593 3768 CmdIde - ok
11:02:29.0656 3768 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:02:29.0875 3768 Compbatt - ok
11:02:29.0890 3768 COMSysApp - ok
11:02:29.0906 3768 Cpqarray - ok
11:02:30.0000 3768 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:02:30.0250 3768 CryptSvc - ok
11:02:30.0343 3768 dac2w2k - ok
11:02:30.0500 3768 dac960nt - ok
11:02:30.0640 3768 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:02:30.0718 3768 DcomLaunch - ok
11:02:30.0781 3768 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:02:30.0984 3768 Dhcp - ok
11:02:31.0125 3768 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:02:31.0343 3768 Disk - ok
11:02:31.0375 3768 dmadmin - ok
11:02:31.0421 3768 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:02:31.0687 3768 dmboot - ok
11:02:31.0921 3768 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:02:32.0156 3768 dmio - ok
11:02:32.0187 3768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:02:32.0421 3768 dmload - ok
11:02:32.0468 3768 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:02:32.0703 3768 dmserver - ok
11:02:32.0937 3768 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:02:33.0156 3768 DMusic - ok
11:02:33.0203 3768 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:02:33.0234 3768 Dnscache - ok
11:02:33.0328 3768 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:02:33.0546 3768 Dot3svc - ok
11:02:33.0562 3768 dpti2o - ok
11:02:33.0593 3768 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:02:33.0796 3768 drmkaud - ok
11:02:33.0921 3768 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:02:34.0156 3768 EapHost - ok
11:02:34.0234 3768 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:02:34.0453 3768 ERSvc - ok
11:02:34.0531 3768 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:02:34.0578 3768 Eventlog - ok
11:02:34.0687 3768 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:02:34.0718 3768 EventSystem - ok
11:02:34.0859 3768 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:02:35.0093 3768 Fastfat - ok
11:02:35.0250 3768 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:02:35.0296 3768 FastUserSwitchingCompatibility - ok
11:02:35.0406 3768 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
11:02:35.0625 3768 Fax - ok
11:02:35.0765 3768 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:02:35.0984 3768 Fdc - ok
11:02:36.0078 3768 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:02:36.0328 3768 Fips - ok
11:02:36.0359 3768 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:02:36.0578 3768 Flpydisk - ok
11:02:36.0718 3768 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:02:36.0937 3768 FltMgr - ok
11:02:37.0078 3768 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:02:37.0109 3768 FontCache3.0.0.0 - ok
11:02:37.0265 3768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:02:37.0484 3768 Fs_Rec - ok
11:02:37.0609 3768 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:02:37.0828 3768 Ftdisk - ok
11:02:37.0875 3768 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:02:37.0906 3768 GEARAspiWDM - ok
11:02:38.0031 3768 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:02:38.0265 3768 Gpc - ok
11:02:38.0328 3768 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:02:38.0562 3768 HDAudBus - ok
11:02:38.0609 3768 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:02:38.0812 3768 helpsvc - ok
11:02:38.0890 3768 HidServ - ok
11:02:39.0031 3768 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:02:39.0281 3768 hkmsvc - ok
11:02:39.0453 3768 hpn - ok
11:02:39.0546 3768 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:02:39.0578 3768 HTTP - ok
11:02:39.0687 3768 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:02:39.0921 3768 HTTPFilter - ok
11:02:40.0015 3768 i2omgmt - ok
11:02:40.0093 3768 i2omp - ok
11:02:40.0156 3768 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:02:40.0359 3768 i8042prt - ok
11:02:40.0609 3768 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:02:40.0968 3768 ialm - ok
11:02:41.0171 3768 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys
11:02:41.0218 3768 iaStor - ok
11:02:41.0328 3768 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
11:02:41.0359 3768 IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:02:41.0359 3768 IDriverT - detected UnsignedFile.Multi.Generic (1)
11:02:41.0500 3768 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:02:41.0578 3768 idsvc - ok
11:02:41.0765 3768 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
11:02:42.0000 3768 Imapi - ok
11:02:42.0031 3768 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:02:42.0281 3768 ImapiService - ok
11:02:42.0484 3768 ini910u - ok
11:02:42.0734 3768 IntcAzAudAddService (2b1cddfe53715372b2677ace12fc9fe5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:02:43.0125 3768 IntcAzAudAddService - ok
11:02:43.0281 3768 IntelIde - ok
11:02:43.0343 3768 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:02:43.0546 3768 intelppm - ok
11:02:43.0578 3768 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:02:43.0796 3768 Ip6Fw - ok
11:02:43.0859 3768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:02:44.0062 3768 IpFilterDriver - ok
11:02:44.0250 3768 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:02:44.0484 3768 IpInIp - ok
11:02:44.0562 3768 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:02:44.0781 3768 IpNat - ok
11:02:44.0968 3768 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
11:02:45.0031 3768 iPod Service - ok
11:02:45.0296 3768 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:02:45.0515 3768 IPSec - ok
11:02:45.0562 3768 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:02:45.0671 3768 IRENUM - ok
11:02:45.0703 3768 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:02:45.0937 3768 isapnp - ok
11:02:46.0062 3768 JavaQuickStarterService (32192b4ebe8720ed8d49a455c962cb91) C:\Program Files\Java\jre6\bin\jqs.exe
11:02:46.0078 3768 JavaQuickStarterService - ok
11:02:46.0281 3768 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:02:46.0500 3768 Kbdclass - ok
11:02:46.0593 3768 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:02:46.0796 3768 kmixer - ok
11:02:46.0921 3768 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:02:46.0953 3768 KSecDD - ok
11:02:47.0109 3768 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:02:47.0187 3768 LanmanServer - ok
11:02:47.0250 3768 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:02:47.0328 3768 lanmanworkstation - ok
11:02:47.0437 3768 lbrtfdc - ok
11:02:47.0546 3768 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:02:47.0765 3768 LmHosts - ok
11:02:47.0890 3768 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:02:48.0140 3768 Messenger - ok
11:02:48.0328 3768 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
11:02:48.0359 3768 Microsoft Office Groove Audit Service - ok
11:02:48.0500 3768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:02:48.0718 3768 mnmdd - ok
11:02:48.0906 3768 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:02:49.0140 3768 mnmsrvc - ok
11:02:49.0343 3768 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:02:49.0562 3768 Modem - ok
11:02:49.0718 3768 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
11:02:49.0875 3768 Monfilt - ok
11:02:50.0062 3768 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:02:50.0281 3768 Mouclass - ok
11:02:50.0359 3768 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:02:50.0562 3768 MountMgr - ok
11:02:50.0578 3768 mraid35x - ok
11:02:50.0593 3768 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:02:50.0828 3768 MRxDAV - ok
11:02:50.0921 3768 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:02:50.0953 3768 MRxSmb - ok
11:02:51.0109 3768 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:02:51.0328 3768 MSDTC - ok
11:02:51.0453 3768 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:02:51.0656 3768 Msfs - ok
11:02:51.0671 3768 MSIServer - ok
11:02:51.0734 3768 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:02:51.0937 3768 MSKSSRV - ok
11:02:51.0953 3768 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:02:52.0203 3768 MSPCLOCK - ok
11:02:52.0406 3768 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:02:52.0640 3768 MSPQM - ok
11:02:52.0656 3768 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:02:52.0859 3768 mssmbios - ok
11:02:52.0937 3768 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:02:53.0171 3768 MSTEE - ok
11:02:53.0406 3768 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:02:53.0453 3768 Mup - ok
11:02:53.0500 3768 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:02:53.0734 3768 NABTSFEC - ok
11:02:53.0796 3768 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:02:54.0062 3768 napagent - ok
11:02:54.0250 3768 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:02:54.0468 3768 NDIS - ok
11:02:54.0531 3768 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:02:54.0750 3768 NdisIP - ok
11:02:54.0937 3768 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:02:54.0984 3768 NdisTapi - ok
11:02:55.0046 3768 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:02:55.0250 3768 Ndisuio - ok
11:02:55.0265 3768 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:02:55.0468 3768 NdisWan - ok
11:02:55.0531 3768 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:02:55.0562 3768 NDProxy - ok
11:02:55.0578 3768 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:02:55.0781 3768 NetBIOS - ok
11:02:56.0015 3768 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:02:56.0281 3768 NetBT - ok
11:02:56.0359 3768 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:02:56.0593 3768 NetDDE - ok
11:02:56.0609 3768 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:02:56.0828 3768 NetDDEdsdm - ok
11:02:57.0015 3768 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
11:02:57.0031 3768 Netdevio ( UnsignedFile.Multi.Generic ) - warning
11:02:57.0031 3768 Netdevio - detected UnsignedFile.Multi.Generic (1)
11:02:57.0093 3768 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:02:57.0359 3768 Netlogon - ok
11:02:57.0484 3768 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:02:57.0718 3768 Netman - ok
11:02:57.0875 3768 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:02:57.0906 3768 NetTcpPortSharing - ok
11:02:58.0015 3768 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:02:58.0093 3768 Nla - ok
11:02:58.0250 3768 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:02:58.0468 3768 Npfs - ok
11:02:58.0593 3768 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:02:58.0828 3768 Ntfs - ok
11:02:58.0984 3768 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:02:59.0187 3768 NtLmSsp - ok
11:02:59.0265 3768 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:02:59.0531 3768 NtmsSvc - ok
11:02:59.0718 3768 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:02:59.0921 3768 Null - ok
11:02:59.0953 3768 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:03:00.0156 3768 NwlnkFlt - ok
11:03:00.0250 3768 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:03:00.0453 3768 NwlnkFwd - ok
11:03:00.0718 3768 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:03:00.0765 3768 odserv - ok
11:03:00.0812 3768 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:03:00.0828 3768 ose - ok
11:03:01.0031 3768 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:03:01.0250 3768 Parport - ok
11:03:01.0281 3768 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:03:01.0500 3768 PartMgr - ok
11:03:01.0656 3768 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:03:01.0890 3768 ParVdm - ok
11:03:01.0953 3768 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:03:02.0218 3768 PCI - ok
11:03:02.0218 3768 PCIDump - ok
11:03:02.0234 3768 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:03:02.0468 3768 PCIIde - ok
11:03:02.0656 3768 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:03:02.0890 3768 Pcmcia - ok
11:03:02.0953 3768 PDCOMP - ok
11:03:02.0968 3768 PDFRAME - ok
11:03:02.0984 3768 PDRELI - ok
11:03:03.0000 3768 PDRFRAME - ok
11:03:03.0015 3768 perc2 - ok
11:03:03.0031 3768 perc2hib - ok
11:03:03.0093 3768 pinger (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\TOSHIBA\IVP\ISM\pinger.exe
11:03:03.0125 3768 pinger - ok
11:03:03.0171 3768 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:03:03.0218 3768 PlugPlay - ok
11:03:03.0312 3768 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:03:03.0531 3768 PolicyAgent - ok
11:03:03.0640 3768 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:03:03.0906 3768 PptpMiniport - ok
11:03:03.0953 3768 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:03:04.0171 3768 ProtectedStorage - ok
11:03:04.0187 3768 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:03:04.0437 3768 PSched - ok
11:03:04.0562 3768 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:03:04.0765 3768 Ptilink - ok
11:03:04.0843 3768 ql1080 - ok
11:03:04.0859 3768 Ql10wnt - ok
11:03:04.0875 3768 ql12160 - ok
11:03:04.0890 3768 ql1240 - ok
11:03:04.0906 3768 ql1280 - ok
11:03:04.0937 3768 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:03:05.0140 3768 RasAcd - ok
11:03:05.0218 3768 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:03:05.0453 3768 RasAuto - ok
11:03:05.0625 3768 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:03:05.0828 3768 Rasl2tp - ok
11:03:05.0921 3768 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:03:06.0171 3768 RasMan - ok
11:03:06.0328 3768 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:03:06.0546 3768 RasPppoe - ok
11:03:06.0656 3768 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:03:06.0875 3768 Raspti - ok
11:03:06.0968 3768 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:03:07.0203 3768 Rdbss - ok
11:03:07.0343 3768 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:03:07.0562 3768 RDPCDD - ok
11:03:07.0671 3768 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:03:07.0718 3768 RDPWD - ok
11:03:07.0765 3768 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:03:08.0031 3768 RDSessMgr - ok
11:03:08.0171 3768 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:03:08.0390 3768 RemoteAccess - ok
11:03:08.0468 3768 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:03:08.0687 3768 RpcLocator - ok
11:03:08.0796 3768 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:03:08.0843 3768 RpcSs - ok
11:03:08.0968 3768 RSUSBSTOR - ok
11:03:09.0031 3768 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:03:09.0250 3768 RSVP - ok
11:03:09.0406 3768 RTLE8023xp (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:03:09.0468 3768 RTLE8023xp - ok
11:03:09.0578 3768 RtsUIR - ok
11:03:09.0718 3768 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:03:09.0937 3768 SamSs - ok
11:03:10.0078 3768 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:03:10.0093 3768 SASDIFSV - ok
11:03:10.0125 3768 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:03:10.0156 3768 SASKUTIL - ok
11:03:10.0296 3768 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:03:10.0546 3768 SCardSvr - ok
11:03:10.0640 3768 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:03:10.0875 3768 Schedule - ok
11:03:11.0015 3768 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:03:11.0140 3768 Secdrv - ok
11:03:11.0265 3768 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:03:11.0484 3768 seclogon - ok
11:03:11.0531 3768 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:03:11.0781 3768 SENS - ok
11:03:11.0875 3768 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
11:03:12.0109 3768 Serial - ok
11:03:12.0296 3768 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:03:12.0515 3768 Sfloppy - ok
11:03:12.0593 3768 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:03:12.0843 3768 SharedAccess - ok
11:03:13.0000 3768 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:03:13.0031 3768 ShellHWDetection - ok
11:03:13.0062 3768 Simbad - ok
11:03:13.0078 3768 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:03:13.0312 3768 SLIP - ok
11:03:13.0328 3768 Sparrow - ok
11:03:13.0359 3768 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:03:13.0578 3768 splitter - ok
11:03:13.0734 3768 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:03:13.0781 3768 Spooler - ok
11:03:13.0843 3768 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:03:13.0937 3768 sr - ok
11:03:14.0000 3768 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:03:14.0109 3768 srservice - ok
11:03:14.0296 3768 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:03:14.0343 3768 Srv - ok
11:03:14.0406 3768 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:03:14.0531 3768 SSDPSRV - ok
11:03:14.0640 3768 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:03:14.0875 3768 stisvc - ok
11:03:15.0031 3768 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:03:15.0265 3768 streamip - ok
11:03:15.0421 3768 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:03:15.0640 3768 swenum - ok
11:03:15.0687 3768 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:03:15.0890 3768 swmidi - ok
11:03:15.0906 3768 SwPrv - ok
11:03:15.0937 3768 Swupdtmr (4a5bb3e94b31063718228187ceab619e) c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
11:03:15.0953 3768 Swupdtmr - ok
11:03:15.0968 3768 symc810 - ok
11:03:15.0984 3768 symc8xx - ok
11:03:16.0015 3768 sym_hi - ok
11:03:16.0031 3768 sym_u3 - ok
11:03:16.0062 3768 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:03:16.0281 3768 sysaudio - ok
11:03:16.0421 3768 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:03:16.0656 3768 SysmonLog - ok
11:03:16.0765 3768 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:03:16.0984 3768 TapiSrv - ok
11:03:17.0125 3768 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:03:17.0203 3768 Tcpip - ok
11:03:17.0375 3768 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
11:03:17.0437 3768 tdcmdpst - ok
11:03:17.0500 3768 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:03:17.0703 3768 TDPIPE - ok
11:03:17.0734 3768 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:03:17.0968 3768 TDTCP - ok
11:03:18.0203 3768 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
11:03:18.0234 3768 tdudf - ok
11:03:18.0281 3768 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:03:18.0484 3768 TermDD - ok
11:03:18.0578 3768 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:03:18.0843 3768 TermService - ok
11:03:19.0000 3768 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:03:19.0031 3768 Themes - ok
11:03:19.0093 3768 Thpdrv (b3556bc3e38cc3c4ab2dc09bc7f51ccb) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
11:03:19.0109 3768 Thpdrv - ok
11:03:19.0125 3768 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
11:03:19.0187 3768 Thpevm - ok
11:03:19.0234 3768 Thpsrv (a2b6029763f7c7d340aea8a0b1d44306) C:\WINDOWS\system32\ThpSrv.exe
11:03:19.0296 3768 Thpsrv - ok
11:03:19.0437 3768 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\WINDOWS\system32\TODDSrv.exe
11:03:19.0484 3768 TODDSrv - ok
11:03:19.0687 3768 TOSHIBA Bluetooth Service (f1ff6b201a6385e54c492f8e92efd62b) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
11:03:19.0718 3768 TOSHIBA Bluetooth Service - ok
11:03:19.0781 3768 TosIde - ok
11:03:19.0890 3768 Tosrfcom - ok
11:03:19.0937 3768 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
11:03:20.0000 3768 tosrfec - ok
11:03:20.0062 3768 TPwSav (4026b9c7b042ea99946ce6bbea73ed1b) C:\WINDOWS\system32\drivers\TPwSav.sys
11:03:20.0078 3768 TPwSav - ok
11:03:20.0125 3768 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:03:20.0390 3768 TrkWks - ok
11:03:20.0578 3768 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
11:03:20.0625 3768 trudf - ok
11:03:20.0656 3768 TVALZ (fc5d508107166a84b2147e5b009206b5) C:\WINDOWS\system32\DRIVERS\TVALZ_O.SYS
11:03:20.0671 3768 TVALZ - ok
11:03:20.0687 3768 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:03:20.0906 3768 Udfs - ok
11:03:20.0906 3768 ultra - ok
11:03:20.0953 3768 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:03:21.0171 3768 Update - ok
11:03:21.0359 3768 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:03:21.0515 3768 upnphost - ok
11:03:21.0546 3768 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:03:21.0765 3768 UPS - ok
11:03:22.0000 3768 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:03:22.0031 3768 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
11:03:22.0031 3768 USBAAPL - detected UnsignedFile.Multi.Generic (1)
11:03:22.0062 3768 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:03:22.0265 3768 usbccgp - ok
11:03:22.0281 3768 USBCCID - ok
11:03:22.0343 3768 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:03:22.0562 3768 usbehci - ok
11:03:22.0640 3768 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:03:22.0859 3768 usbhub - ok
11:03:23.0125 3768 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:03:23.0359 3768 usbprint - ok
11:03:23.0406 3768 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:03:23.0625 3768 usbscan - ok
11:03:23.0656 3768 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:03:23.0859 3768 USBSTOR - ok
11:03:24.0078 3768 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:03:24.0312 3768 usbuhci - ok
11:03:24.0390 3768 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
11:03:24.0609 3768 usbvideo - ok
11:03:24.0703 3768 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS
11:03:24.0734 3768 UVCFTR - ok
11:03:24.0921 3768 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:03:25.0140 3768 VgaSave - ok
11:03:25.0203 3768 ViaIde - ok
11:03:25.0234 3768 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:03:25.0453 3768 VolSnap - ok
11:03:25.0625 3768 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:03:25.0734 3768 VSS - ok
11:03:25.0765 3768 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:03:26.0000 3768 W32Time - ok
11:03:26.0187 3768 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:03:26.0437 3768 Wanarp - ok
11:03:26.0531 3768 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:03:26.0578 3768 Wdf01000 - ok
11:03:26.0718 3768 WDICA - ok
11:03:26.0781 3768 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:03:27.0000 3768 wdmaud - ok
11:03:27.0062 3768 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:03:27.0312 3768 WebClient - ok
11:03:27.0515 3768 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:03:27.0718 3768 winmgmt - ok
11:03:27.0828 3768 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:03:27.0890 3768 WmdmPmSN - ok
11:03:27.0937 3768 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:03:28.0156 3768 WmiApSrv - ok
11:03:28.0328 3768 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:03:28.0437 3768 WMPNetworkSvc - ok
11:03:28.0593 3768 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:03:28.0843 3768 wscsvc - ok
11:03:28.0968 3768 WSIMD (7a36f3083e28405d6c5ecdb942513c3b) C:\WINDOWS\system32\DRIVERS\wsimd.sys
11:03:29.0015 3768 WSIMD ( UnsignedFile.Multi.Generic ) - warning
11:03:29.0015 3768 WSIMD - detected UnsignedFile.Multi.Generic (1)
11:03:29.0281 3768 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:03:29.0515 3768 WSTCODEC - ok
11:03:29.0562 3768 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:03:29.0796 3768 wuauserv - ok
11:03:29.0984 3768 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:03:30.0062 3768 WudfPf - ok
11:03:30.0109 3768 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:03:30.0171 3768 WudfSvc - ok
11:03:30.0250 3768 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:03:30.0500 3768 WZCSVC - ok
11:03:30.0656 3768 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:03:30.0906 3768 xmlprov - ok
11:03:30.0937 3768 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
11:03:31.0296 3768 \Device\Harddisk0\DR0 - ok
11:03:31.0296 3768 Boot (0x1200) (4bc362ddab45ee0a5e8f33c30b0685ba) \Device\Harddisk0\DR0\Partition0
11:03:31.0296 3768 \Device\Harddisk0\DR0\Partition0 - ok
11:03:31.0296 3768 ============================================================
11:03:31.0296 3768 Scan finished
11:03:31.0296 3768 ============================================================
11:03:31.0406 2420 Detected object count: 6
11:03:31.0406 2420 Actual detected object count: 6
11:04:57.0265 2420 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:57.0265 2420 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:57.0265 2420 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:57.0265 2420 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:57.0265 2420 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:57.0265 2420 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:57.0281 2420 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:57.0281 2420 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:57.0281 2420 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:57.0281 2420 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:57.0281 2420 WSIMD ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:57.0281 2420 WSIMD ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:06:34.0265 0244 Deinitialize success










aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-08 11:08:55
-----------------------------
11:08:55.031 OS Version: Windows 5.1.2600 Service Pack 3
11:08:55.031 Number of processors: 2 586 0x1C02
11:08:55.031 ComputerName: ELLIE_NETBOOK UserName: Danielle
11:08:58.171 Initialize success
11:08:58.671 AVAST engine defs: 12040800
11:09:01.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:09:01.296 Disk 0 Vendor: Hitachi_ PBBO Size: 152627MB BusType: 3
11:09:01.328 Disk 0 MBR read successfully
11:09:01.328 Disk 0 MBR scan
11:09:01.328 Disk 0 Windows XP default MBR code
11:09:01.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 144945 MB offset 63
11:09:01.359 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSDOS5.0 7679 MB offset 296849070
11:09:01.375 Disk 0 scanning sectors +312576705
11:09:01.437 Disk 0 scanning C:\WINDOWS\system32\drivers
11:09:08.953 Service scanning
11:09:30.125 Modules scanning
11:09:39.156 Disk 0 trace - called modules:
11:09:39.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys hal.dll ACPI.sys iaStor.sys
11:09:39.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e42030]
11:09:39.203 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\THPDRV[0x89dd4030]
11:09:39.203 5 thpdrv.sys[ba3428b9] -> nt!IofCallDriver -> \Device\00000069[0x89e4b830]
11:09:39.203 7 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89dc1028]
11:09:40.062 AVAST engine scan C:\WINDOWS
11:09:50.843 AVAST engine scan C:\WINDOWS\system32
11:11:52.640 AVAST engine scan C:\WINDOWS\system32\drivers
11:12:07.562 AVAST engine scan C:\Documents and Settings\Danielle
11:12:29.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Danielle\Desktop\MBR.dat"
11:12:29.000 The log file has been saved successfully to "C:\Documents and Settings\Danielle\Desktop\aswMBR.txt"











ComboFix 12-04-07.04 - Danielle 04/08/2012 11:20:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1359 [GMT -4:00]
Running from: c:\documents and settings\Danielle\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\xp
c:\program files\iexplorer
c:\program files\iexplorer\AxInterop.QTOControlLib.dll
c:\program files\iexplorer\ICSharpCode.SharpZipLib.dll
c:\program files\iexplorer\iExplorer.exe
c:\program files\iexplorer\Interop.QTOControlLib.dll
c:\program files\iexplorer\Interop.QTOLibrary.dll
c:\program files\iexplorer\isxdl.dll
c:\program files\iexplorer\MPCrashReporter.dll
c:\program files\iexplorer\MPUpdater.dll
c:\program files\iexplorer\msvcr71.dll
c:\program files\iexplorer\PodPhone2.dll
c:\program files\iexplorer\unins000.dat
c:\program files\iexplorer\unins000.exe
c:\program files\iexplorer\unins000.msg
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-01 15:59 . 2012-04-01 15:59 388096 ----a-r- c:\documents and settings\Danielle\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-01 15:59 . 2012-04-01 15:59 -------- d-----w- c:\program files\Trend Micro
2012-03-30 02:37 . 2012-03-30 02:37 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-30 02:37 . 2012-03-30 02:37 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-19 01:49 . 2012-03-19 01:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-03-19 00:27 . 2012-03-19 00:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-03-15 04:49 . 2012-03-15 04:49 -------- d-----w- c:\program files\iPod
2012-03-15 04:48 . 2012-03-15 04:50 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2011-03-11 23:10 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-03-11 23:10 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-03-11 23:11 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-03-11 23:11 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-03-11 23:11 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-03-11 23:11 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-03-11 23:11 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-03-11 23:11 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-03-11 23:11 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-03-11 23:11 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-24 22:25 . 2011-05-17 22:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2009-04-06 19:48 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2009-12-26 00:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06 . 2012-02-15 03:15 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2009-04-06 18:08 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-30 02:37 . 2012-02-18 02:31 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-10 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-03-06 479320]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-20 83336]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2009-04-03 73728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-17 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-13 17531392]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2009-03-18 827392]
"TDispVol"="TDispVol.exe" [2009-04-02 210232]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 24576]
"TAccessibility"="c:\program files\TOSHIBA\Accessibility\TAccessibility.exe" [2009-02-25 110592]
"TPSMain"="TPSMain.exe" [2009-03-17 283960]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-03-16 252288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Danielle\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-11 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2009-03-26 18:09 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2004-05-01 21:45 28672 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-04-10 01:07 159744 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AppMgmt"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [8/21/2008 2:35 PM 28536]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [9/4/2007 2:14 PM 6528]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/11/2011 7:11 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/11/2011 7:11 PM 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/11/2011 7:11 PM 20696]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 3:22 PM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 3:15 PM 134016]
R3 cecnuvc;Chicony USB 2.0 Camera VD;c:\windows\system32\drivers\cec_uvc.sys [12/25/2009 3:11 PM 48176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/6/2009 3:08 PM 1684736]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 34014457
*NewlyCreated* - ASWMBR
*Deregistered* - 34014457
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-04-08 c:\windows\Tasks\User_Feed_Synchronization-{CF0FFDB1-1CAD-4533-81A3-6DC92CC421B0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
FF - ProfilePath - c:\documents and settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ywnmj2pz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files\iExplorer\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 11:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-04-08 11:31:57
ComboFix-quarantined-files.txt 2012-04-08 15:31
.
Pre-Run: 117,773,307,904 bytes free
Post-Run: 118,041,923,584 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 700F7437BC4A81E25FF3FB780FF7FC95

#6
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean to me, so I don't think the blue screens of death (if you're still getting them) are being caused by malware.

Let's clean up the tools we used:

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Once you've done the above, you can start a new topic about your problem here if you want. :thumbsup: