Random missing items and PC freezing after Trojan

Post by major-tom on Wed Aug 03, 2011 11:04 pm

Hi everyone, I'm new to the forum and hoping someone can help me get my PC up and running again.

Had viruses a couple of weeks ago, quarantined by Zone Alarm, can't remember which ones exactly (and the log file on the update has now disappeared) but FakeAV was one. Everything seemed OK at first, then fake messages about a hard-drive failure, then noticed random files/software/emails missing and couldn't perform some functions as no permission (despite being administrator account). Could not do system restore as critical file unavailable, could not run task manager as disabled (have now changed registry entry but nothing sinister shows as running). Standard search could not locate items, but trawling through folders manually found most, was able to retrieve some by restoring to an earlier time individually. PC hanging frequently, no response (even to Alt, Ctrl, Del), won't shut down. Last crash black screen.

Have run Zone Alarm and Spybot Search and Destroy but nothing major showed; Uniblue Registry Booster didn't help. Have run Sophos anti-rootkit, but could not check the box for running processes (greyed out); found 300 unrecognized hidden files but none recommended for removal.

Have also run OTL, aswMBR and screen317 Security Check but am unable to post the files on the forum as I'm getting this error message "New members are not allowed to post external links or emails for 7 days. Please contact the forum administrator for more information.
The posted message is too long." Is there a way round this please?

Any help or suggestions greatly appreciated and thank you in advance for your time, Major-Tom.


Post by Sneakyone on Thu Aug 04, 2011 5:46 am

Hi,

Please split the logs into multiple posts. OTL might take 2 or 3, maybe even 4.

Post by major-tom on Thu Aug 04, 2011 10:57 am

Thanks, here's part 1:

Results for OTL:

OTL logfile created on: 8/3/2011 1:05:39 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Major Tom\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.84 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.05% Memory free
7.68 Gb Paging File | 5.46 Gb Available in Paging File | 71.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 90.85 Gb Free Space | 60.96% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 141.99 Gb Free Space | 95.52% Space Free | Partition Type: NTFS

Computer Name: STARMAN | User Name: Major Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 13:03:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Major Tom\Downloads\OTL (1).com
PRC - [2011/07/12 09:35:14 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/07/12 09:33:34 | 000,071,824 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/07/04 14:29:24 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011/06/24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/06/24 15:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/26 13:49:38 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2009/08/11 11:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 19:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 15:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008/04/04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 13:03:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Major Tom\Downloads\OTL (1).com
MOD - [2011/06/22 18:01:24 | 000,522,040 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2011/06/17 00:02:00 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2011/06/17 00:02:00 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
MOD - [2011/05/30 12:39:06 | 000,644,736 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
MOD - [2010/11/20 13:21:39 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll
MOD - [2010/11/20 13:21:36 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2010/11/20 13:18:27 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/30 12:39:16 | 000,825,984 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2009/08/27 13:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 14:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 11:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/12 09:35:14 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/02 11:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/07/01 10:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/05/11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/10 19:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 19:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/04/04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/30 12:38:56 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\F25B.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/17 16:04:28 | 001,221,224 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/14 17:08:38 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/10/14 17:08:36 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/09/21 16:51:56 | 000,362,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/27 03:25:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2010/04/27 03:25:14 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV:64bit: - [2010/04/27 03:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2009/08/27 08:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 17:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 17:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 06:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2011/08/03 08:23:40 | 000,386,128 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus64_29574.sys -- (RapportCerberus_29574)
DRV - [2011/06/22 18:01:32 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\aspi32.sys -- (Aspi32)


Post by major-tom on Thu Aug 04, 2011 11:43 am

Hi again,

Sorry but unable to post any more. I have deleted all web references from the logs but am still getting this error message when I try to post: "New members are not allowed to post external links or emails for 7 days. Please contact the forum administrator for more information."

Is there something else I could do? Thanks, Major-Tom.


Post by major-tom on Thu Aug 04, 2011 1:16 pm

Part 2: web references deleted and email references replaced with "at".

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = msn.co.uk/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - C:\Program Files (x86)\Nectar Search Toolbar\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\"at"microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\"at"microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\"at"adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\"at"checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\"at"microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\"at"Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\"at"microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\"at"microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\"at"microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\"at"nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\"at"real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\"at"real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\"at"real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\"at"real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\"at"real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\"at"real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\"at"tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\"at"tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\"at"viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011/07/16 22:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/07/16 22:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting"at"hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 21:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/03 01:07:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting"at"hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 21:35:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/12 00:59:02 | 000,435,904 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Nectar Search Toolbar BHO) - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll ()
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - File not found
O3 - HKLM\..\Toolbar: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Major Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/05/29 02:49:06 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com ["at" = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe ["at" = exefile] -- "%1" %*
O37 - HKLM\...com ["at" = comfile] -- "%1" %*
O37 - HKLM\...exe ["at" = exefile] -- "%1" %*


MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: KL1 - C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
SafeBootNet:64bit: kl2 - C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{39525A64-594D-4690-8318-2700473BD796} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)


major-tom

Re: Random missing items and PC freezing after Trojan

Post by major-tom on Thu Aug 04, 2011 1:18 pm

Part 3...................

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 09:59:57 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{65D56885-DF16-464E-8665-AC93B66732EB}
[2011/08/03 02:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/08/03 02:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/08/02 21:59:30 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{FAC596A6-9E3E-4931-AD58-B44283899A90}
[2011/08/02 01:20:41 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{C9095987-F68A-46E3-9793-A051186EBD28}
[2011/08/01 11:30:21 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{50FE4EE4-4B1A-4D2C-BEF1-41D1707E81C4}
[2011/07/31 17:54:37 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{393763C3-6FAE-4CD1-B8CC-90CFE56DA3CA}
[2011/07/31 00:53:58 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{213063A5-7C8C-46DE-BDC2-84DBDAB04868}
[2011/07/29 22:55:12 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{03E79620-1873-4F18-9FBB-1FD3A766324A}
[2011/07/28 16:00:32 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{0529FB69-E9F6-4613-8CAB-19CB24A36CDA}
[2011/07/28 04:00:07 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{F5D67CFF-780E-49E5-B27E-451C9B6A0B58}
[2011/07/27 16:09:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/07/27 15:59:55 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{2AFEB5D3-91DF-429B-AE79-BFB229E94C17}
[2011/07/26 10:15:22 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{4497EBE4-21CB-488C-B46D-5393F69095F6}
[2011/07/25 22:31:06 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\Documents\SelfMV
[2011/07/25 14:24:58 | 000,000,000 | ---D | C] -- C:\Temp
[2011/07/25 14:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/25 14:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/07/25 13:46:06 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{3DC52DA1-722D-43D0-A832-3A5DD4D47882}
[2011/07/25 13:45:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/07/24 21:47:26 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{09698BD7-404A-4D8F-A7A5-8E7B0D6E029F}
[2011/07/24 09:47:02 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{E0641C9E-151D-4D23-96A2-5933526ECBCD}
[2011/07/23 20:05:01 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{498EC331-EEEF-4721-8E4C-98CA2D54056A}
[2011/07/22 14:08:38 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\Samsung
[2011/07/22 14:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011/07/22 14:07:37 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011/07/22 14:07:16 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2011/07/22 09:31:56 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{4F746A29-D3B1-4C2C-B81A-A8C657D1A8AD}
[2011/07/21 12:27:25 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{C63A7E43-815C-4935-B89A-DE91D255B81F}
[2011/07/20 21:48:48 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{40C6CE39-F9AD-4906-88FE-647C61C67F85}
[2011/07/20 09:48:22 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{3CF3BE13-CD1F-45C4-A047-B01087207F3D}
[2011/07/19 12:39:56 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{D7ADA6E8-899B-478B-B75B-5F6DFD1C6242}
[2011/07/18 10:14:46 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{BE2F0123-1926-4463-8CE2-7DB1041B04C5}
[2011/07/17 13:35:15 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{E030C8D2-6CA2-4283-AC96-667D547A7339}
[2011/07/16 21:41:53 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/07/16 21:41:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/07/16 21:40:49 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\Conduit
[2011/07/16 21:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm_Security_Suite
[2011/07/16 21:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2011/07/16 21:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2011/07/16 18:13:07 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{7246C6D8-A3AC-481D-843B-DBC395B19E41}
[2011/07/15 15:29:15 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{27C91D5D-7E8E-479A-AF92-FAF38AF4B715}
[2011/07/15 08:34:28 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{0DB95CF8-EB47-4388-9756-73904C9920DE}
[2011/07/14 18:04:08 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{C81BCEF7-BD52-410E-B103-1BB5DF6583F4}
[2011/07/14 02:06:15 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nectar Search Toolbar
[2011/07/13 23:14:37 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/13 23:14:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 23:14:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 23:14:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 23:14:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 23:14:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 23:14:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 23:14:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 23:14:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 23:14:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 23:14:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 23:14:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 23:14:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 23:14:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 23:14:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 23:14:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 23:14:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 23:14:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 23:14:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 23:14:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 23:14:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 23:14:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 23:14:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 23:14:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 23:14:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 23:14:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 23:14:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 23:14:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 23:14:24 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/13 23:14:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/13 23:14:24 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/13 23:14:24 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/13 23:14:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/13 23:14:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/13 23:14:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/13 23:14:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/13 23:14:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/13 23:14:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/13 23:14:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/13 23:14:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/13 23:09:57 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{9A867861-D413-446A-91F6-185BB20263DA}
[2011/07/13 00:35:58 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{1C8480A3-7B54-41EE-9D81-E482490F4095}
[2011/07/12 12:35:46 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{FD55EBA9-C70D-4D0E-9DAD-75673770869A}
[2011/07/12 11:34:00 | 000,212,840 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/07/12 11:34:00 | 000,096,104 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/07/12 11:34:00 | 000,085,864 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/07/12 11:34:00 | 000,061,288 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/07/12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[2011/07/11 17:02:33 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{DA3FF030-58C6-4277-AACD-912E7962CD39}
[2011/07/11 16:51:34 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/07/11 16:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/07/10 13:30:37 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{3446C45E-E868-4AB4-BF6B-4931973EA90F}
[2011/07/10 02:53:10 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Calculator Plus
[2011/07/10 02:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Calculator Plus
[2011/07/09 16:13:25 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{E7C45D78-FB16-4BCE-886B-DB480E08DCD6}
[2011/07/08 23:19:49 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{4F292B58-ABC1-49AF-9D8E-34733F2F24D8}
[2011/07/08 11:03:35 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{5B3B689C-F250-45E8-A845-087EFEED7968}
[2011/07/07 18:22:02 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{24DEF64B-765D-4798-B5D2-EBF6499E58FC}
[2011/07/06 21:44:08 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{5A2BA73E-A3A2-4050-BB32-5B7173D63A4A}
[2011/07/05 09:51:40 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{5D26AED5-56C5-47C7-B7D3-C9EC26D70BDE}
[2011/07/04 15:21:50 | 000,000,000 | ---D | C] -- C:\Users\Major Tom\AppData\Local\{E0B16DA0-2926-4A2A-BD7D-7585476C9DBB}
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 13:02:24 | 000,000,927 | ---- | M] () -- C:\Users\Major Tom\Desktop\PC problems after Trojan.rtf
[2011/08/03 13:01:01 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 13:01:01 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 12:53:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/03 12:52:58 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/08/03 12:52:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/03 12:52:33 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/03 12:40:55 | 000,000,276 | ---- | M] () -- C:\Users\Major Tom\Documents\PC problems after Trojan.rtf
[2011/08/03 11:50:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/03 01:15:35 | 000,847,856 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/03 01:15:35 | 000,715,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/03 01:15:35 | 000,141,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/27 16:09:58 | 000,001,804 | ---- | M] () -- C:\Users\Major Tom\Desktop\Uniblue RegistryBooster.lnk
[2011/07/27 16:09:58 | 000,001,794 | ---- | M] () -- C:\Users\Major Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/07/26 00:31:17 | 000,005,762 | ---- | M] () -- C:\Users\Major Tom\AppData\Roaming\UserTile.png
[2011/07/25 22:31:07 | 000,005,632 | ---- | M] () -- C:\Users\Major Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/22 14:07:59 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011/07/22 14:07:45 | 000,001,988 | ---- | M] () -- C:\Users\Major Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2011/07/21 11:21:02 | 001,649,947 | ---- | M] () -- C:\Users\Major Tom\Desktop\aga_s_series_93366205.pdf
[2011/07/19 15:22:03 | 000,016,367 | ---- | M] () -- C:\Users\Major Tom\Documents\Re_ Notification of Payment Received.eml
[2011/07/18 09:50:26 | 000,032,768 | ---- | M] () -- C:\Users\Major Tom\Desktop\G-line 2011A.htm
[2011/07/16 21:42:02 | 000,415,911 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/07/14 01:01:10 | 000,361,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/12 22:14:57 | 000,000,534 | ---- | M] () -- C:\Windows\SysNative\tmp.xml
[2011/07/12 11:34:00 | 000,212,840 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/07/12 11:34:00 | 000,096,104 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/07/12 11:34:00 | 000,085,864 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/07/12 11:34:00 | 000,061,288 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/07/12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[2011/07/12 00:59:02 | 000,435,904 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/05 12:01:43 | 000,003,432 | ---- | M] () -- C:\Users\Major Tom\Desktop\Product Keys.rtf
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 12:41:08 | 000,000,927 | ---- | C] () -- C:\Users\Major Tom\Desktop\PC problems after Trojan.rtf
[2011/08/03 12:40:55 | 000,000,276 | ---- | C] () -- C:\Users\Major Tom\Documents\PC problems after Trojan.rtf
[2011/07/26 00:31:17 | 000,005,762 | ---- | C] () -- C:\Users\Major Tom\AppData\Roaming\UserTile.png
[2011/07/25 13:45:59 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/07/22 14:07:59 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011/07/22 14:07:45 | 000,001,988 | ---- | C] () -- C:\Users\Major Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2011/07/21 11:21:02 | 001,649,947 | ---- | C] () -- C:\Users\Major Tom\Desktop\aga_s_series_93366205.pdf
[2011/07/19 15:22:02 | 000,016,367 | ---- | C] () -- C:\Users\Major Tom\Documents\Re_ Notification of Payment Received.eml
[2011/07/18 09:52:35 | 000,032,768 | ---- | C] () -- C:\Users\Major Tom\Desktop\G-line 2011A.htm
[2011/07/16 21:41:35 | 000,415,911 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/07/11 16:50:52 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/07/11 16:50:33 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/07/11 16:50:14 | 000,001,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/07/11 16:50:03 | 000,002,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/07/10 23:46:13 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/06/07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/06/07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/06/07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/06/07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/06/07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2010/11/25 21:29:35 | 000,221,477 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/11/25 21:29:35 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/11/25 16:23:27 | 000,221,143 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2010/11/25 16:23:27 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2010/08/24 16:54:03 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/07/31 11:58:21 | 000,013,623 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/07/31 02:21:55 | 000,005,632 | ---- | C] () -- C:\Users\Major Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/30 21:10:40 | 000,780,292 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/27 22:55:01 | 000,007,605 | ---- | C] () -- C:\Users\Major Tom\AppData\Local\Resmon.ResmonCfg
[2009/11/14 20:09:41 | 000,000,198 | ---- | C] () -- C:\Users\Major Tom\AppData\Roaming\wklnhst.dat
[2009/10/11 20:35:11 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/08/27 08:05:12 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/08/27 08:05:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/08/27 08:05:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/08/27 08:05:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/06/27 20:10:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/12/06 13:58:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
[2011/08/03 01:07:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/06/23 08:00:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ask.com
[2011/08/03 01:07:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/07/16 21:38:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CheckPoint
[2011/06/27 20:10:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/07/16 21:41:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2011/03/21 01:58:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberFOX Software
[2009/09/04 15:37:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eBay
[2010/11/23 22:22:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Foxit Software
[2009/11/06 16:50:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2011/05/29 03:19:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2011/07/22 14:07:15 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2009/09/04 15:25:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2011/06/17 09:34:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2009/09/04 15:30:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/07/12 17:32:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JRE
[2011/06/23 08:18:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MarkAny
[2009/12/27 23:04:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MFInstall
[2011/07/14 01:53:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Calculator Plus
[2010/01/30 23:58:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/06/17 00:03:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/09/04 15:56:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/12/16 02:32:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/10/26 03:01:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/07/14 06:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/06/03 10:20:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2010/08/01 02:39:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/07/14 02:06:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nectar Search Toolbar
[2011/05/26 15:53:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2011/02/15 19:44:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NOS
[2010/07/12 17:31:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2009/09/04 15:39:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Photo-Service
[2010/12/13 12:36:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2011/05/26 13:50:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2009/10/11 20:27:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2011/05/29 03:18:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek WLAN Driver
[2009/07/14 06:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/06/25 13:06:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Registry Mechanic
[2011/07/22 14:06:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2011/08/03 02:05:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sophos
[2011/06/25 14:12:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/10/11 20:24:51 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009/10/11 20:34:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TOSHIBA
[2009/09/04 15:44:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TOSHIBA Games
[2010/07/28 17:24:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Toshiba TEMPRO
[2011/06/26 20:27:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trusteer
[2011/06/24 20:12:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Uniblue
[2009/07/14 05:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/06/02 23:34:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Viewpoint
[2009/07/14 06:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/07/14 01:53:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/06/15 19:09:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/06/15 19:09:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 06:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/06/15 19:09:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/06/15 19:09:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/06/15 19:09:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/05/29 03:21:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
[2011/07/16 21:41:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ZoneAlarm_Security_Suite


< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/14 02:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/14 02:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 02:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTOR.SYS >
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/21 20:36:30 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/21 20:36:30 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/21 20:36:30 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/21 20:36:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/05/21 20:36:33 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/21 20:36:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/21 20:36:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/21 20:36:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/21 20:36:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/05/21 20:36:33 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 873 bytes -> C:\Users\Major Tom\Documents\Re_ Notification of Payment Received.eml:OECustomProperty
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Results for OTL Extras:

OTL Extras logfile created on: 8/3/2011 1:05:39 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Major Tom\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.84 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.05% Memory free
7.68 Gb Paging File | 5.46 Gb Available in Paging File | 71.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 90.85 Gb Free Space | 60.96% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 141.99 Gb Free Space | 95.52% Space Free | Partition Type: NTFS

Computer Name: STARMAN | User Name: Major Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url [@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

Post by major-tom on Thu Aug 04, 2011 1:19 pm

And... woohoo... the final installment!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84598521-7A52-49F6-A91E-E73E6086AB4C}" = ZoneAlarm Firewall
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB49995D-1C6B-4138-A1C9-1E40E9FC69E7}" = ZoneAlarm Security
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAAD511C-ECBF-4C0A-8F70-9AC69DEE8D6E}" = ZoneAlarm Antivirus
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Foxit PDF Editor" = Foxit PDF Editor
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"JBidwatcher_0" = JBidwatcher 2.1.4.1
"JBidwatcher_1" = JBidwatcher 2.1.5
"JBidwatcher_2" = JBidwatcher 2.1.5
"Nectar Search Toolbar" = Nectar Search Toolbar
"Rapport_msi" = Rapport
"RealPlayer 12.0" = RealPlayer
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"ZoneAlarm Internet Security Suite" = ZoneAlarm Internet Security Suite

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2011 6:47:14 PM | Computer Name = Starman | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/16/2011 6:47:14 PM | Computer Name = Starman | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/16/2011 6:47:14 PM | Computer Name = Starman | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/16/2011 6:47:14 PM | Computer Name = Starman | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/16/2011 6:47:15 PM | Computer Name = Starman | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/16/2011 6:47:15 PM | Computer Name = Starman | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/17/2011 3:57:51 PM | Computer Name = Starman | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/17/2011 3:57:51 PM | Computer Name = Starman | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/17/2011 3:57:51 PM | Computer Name = Starman | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/17/2011 3:57:51 PM | Computer Name = Starman | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <**download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 8/2/2011 9:15:43 PM | Computer Name = Starman | Source = Service Control Manager | ID = 7000
Description = The MEMSWEEP2 service failed to start due to the following error:
%%1275

Error - 8/2/2011 11:02:58 PM | Computer Name = Starman | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\system32\F25B.tmp has been blocked from loading due
to incompatibility with this system. Please contact your software vendor for a
compatible version of the driver.

Error - 8/2/2011 11:02:58 PM | Computer Name = Starman | Source = Service Control Manager | ID = 7000
Description = The MEMSWEEP2 service failed to start due to the following error:
%%1275

Error - 8/2/2011 11:02:59 PM | Computer Name = Starman | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\system32\F25B.tmp has been blocked from loading due
to incompatibility with this system. Please contact your software vendor for a
compatible version of the driver.

Error - 8/2/2011 11:02:59 PM | Computer Name = Starman | Source = Service Control Manager | ID = 7000
Description = The MEMSWEEP2 service failed to start due to the following error:
%%1275

Error - 8/3/2011 7:50:06 AM | Computer Name = Starman | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 8/3/2011 7:52:44 AM | Computer Name = Starman | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:49:36 on ?03/?08/?2011 was unexpected.

Error - 8/3/2011 7:53:05 AM | Computer Name = Starman | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/3/2011 7:53:05 AM | Computer Name = Starman | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%1275

Error - 8/3/2011 7:54:39 AM | Computer Name = Starman | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.


< End of report >
aswMBR log:
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-03 13:47:16
-----------------------------
13:47:16.142 OS Version: Windows x64 6.1.7601 Service Pack 1
13:47:16.142 Number of processors: 2 586 0x170A
13:47:16.172 ComputerName: STARMAN UserName:
13:47:18.362 Initialize success
13:47:59.374 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:47:59.374 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 3
13:47:59.414 Disk 0 MBR read successfully
13:47:59.414 Disk 0 MBR scan
13:47:59.414 Disk 0 Windows 7 default MBR code
13:47:59.414 Service scanning
13:48:00.964 Modules scanning
13:48:00.964 Disk 0 trace - called modules:
13:48:01.004 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:48:01.004 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c2f790]
13:48:01.014 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004720050]
13:48:01.014 Scan finished successfully
13:49:57.662 Disk 0 MBR has been saved successfully to "C:\Users\Major Tom\Desktop\MBR.dat"
13:49:57.662 The log file has been saved successfully to "C:\Users\Major Tom\Desktop\aswMBR.txt"

Results of screen317's Security Check:

Results of screen317's Security Check version 0.99.18
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Internet Security Suite
ZoneAlarm Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
Sophos Anti-Rootkit 1.5.20
Java(TM) 6 Update 14
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.1.53.64
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
``````````End of Log````````````


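The 64bit Shell Spawning section of the OTL log above reports "File not found" against the stock "%1" %* handlers for batfile, cmdfile, comfile, exefile and piffile, while the non-64bit section lists the same commands without that note. The check a practitioner actually wants here is whether the handler command itself has been changed, since a FakeAV-style infection hijacks exefile\shell\open\command so that the rogue runs in front of every program launched. The Python script below is an added example, not part of this thread and not OTL's code: it parses lines in OTL's Shell Spawning format, strips OTL's trailing annotation (my reading is that "File not found" there is OTL failing to resolve the "%1" placeholder to a file, not something stored in the registry), and compares each command with an assumed baseline of stock Windows 7 values, which are the ones the non-64bit section of this log shows. The hijacked exefile line at the bottom of the script is constructed and the path in it is invented.

```python
"""Triage of the "Shell Spawning" section of an OTL log (added example, not OTL code).

Each line has the shape
    <progid> [<verb>] -- <handler command> <OTL annotation>
The handler command is what Windows runs when a file of that class is
opened; FakeAV-style hijacks replace the stock "%1" %* for exefile (and
friends) with a path to the rogue executable so it runs before every program.
"""
import re

# Assumed baseline: stock Windows 7 handler commands for the classes OTL lists.
# They match the values the non-64bit section of this log reports.
DEFAULT_HANDLERS = {
    ("batfile", "open"): r'"%1" %*',
    ("cmdfile", "open"): r'"%1" %*',
    ("comfile", "open"): r'"%1" %*',
    ("exefile", "open"): r'"%1" %*',
    ("piffile", "open"): r'"%1" %*',
    ("scrfile", "open"): r'"%1" /S',
    ("scrfile", "config"): r'"%1"',
    ("scrfile", "install"): r'rundll32.exe desk.cpl,InstallScreenSaver %l',
    ("inffile", "install"): r'%SystemRoot%\System32\InfDefaultInstall.exe "%1"',
    ("cplfile", "cplopen"): r'%SystemRoot%\System32\control.exe "%1",%*',
}

LINE_RE = re.compile(r'^(\w+) \[(\w+)\] -- (.*)$')
# Trailing text OTL adds after the command: its attempt to resolve the command
# to a file ("File not found" or "(Company Name)") or a registry read error.
ANNOTATION_RE = re.compile(r'\s*(File not found|Reg Error: .*|\([^()]*\))\s*$')
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def split_handler(rest):
    """Separate the registry command from OTL's trailing annotation."""
    m = ANNOTATION_RE.search(rest)
    if not m:
        return rest.strip(), ""
    return rest[:m.start()].strip(), m.group(1)


def classify(progid, verb, command, annotation):
    """Return default / HIJACKED / unreadable / unknown for one handler line."""
    if annotation.startswith("Reg Error"):
        return "unreadable"  # OTL could not read the key; verify by hand, not a hijack by itself
    baseline = DEFAULT_HANDLERS.get((progid, verb))
    if baseline is None:
        return "unknown"     # class not in the baseline (Directory, Folder, ...); review by hand
    if command.lower() == baseline.lower():
        return "default"     # annotation ignored: "%1" is a placeholder, not a file to resolve
    return "HIJACKED"


def executable_in(command):
    """Path of the first .exe named in a handler command, or None."""
    m = EXE_RE.search(command)
    return m.group(1) if m else None


def triage(text):
    """Parse every handler line in `text` and return one dict per line."""
    rows = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers and blank lines
        progid, verb, rest = m.groups()
        command, annotation = split_handler(rest)
        status = classify(progid, verb, command, annotation)
        rows.append({
            "progid": progid, "verb": verb, "command": command,
            "annotation": annotation, "status": status,
            "executable": executable_in(command) if status == "HIJACKED" else None,
        })
    return rows


# Excerpt of the 64bit Shell Spawning section from the OTL log in this thread.
SAMPLE_LOG = r"""
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
"""

# Constructed line (not from this log) showing what a FakeAV exefile hijack
# typically looks like in OTL output; the path is invented.
CONSTRUCTED_HIJACK = r'exefile [open] -- "C:\ProgramData\fakeav.exe" -a "%1" %* ()'

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG) + triage(CONSTRUCTED_HIJACK):
        flag = f"  -> {row['executable']}" if row["executable"] else ""
        print(f"{row['status']:<10} {row['progid']} [{row['verb']}] {row['command']}{flag}")
```

Run as-is it prints one line per handler; anything reported as HIJACKED names the executable to pull for analysis, while unreadable and unknown entries are handed back for manual review rather than guessed at. The Security Check output above separately flags UAC disabled and out-of-date Java and Flash Player, which this script does not look at.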


Post by Sneakyone on Fri Aug 05, 2011 6:13 am

Hi,

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found [You must be registered and logged in to see this link.]
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



Post by major-tom on Fri Aug 05, 2011 9:18 am

Hi again Sneakyone, and thank you for your time and expertise. Here is the ComboFix log file. A bit scary to see a system file infected, and it took much longer than expected to run, but it's all good. Again, web and email references have been replaced with "at" and *** so I could post.

ComboFix 11-08-05.01 - Major Tom 05/08/2011 9:01.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3933.2453 [GMT 1:00]
Running from: c:\users\Major Tom\Desktop\commy.exe
Command switches used :: /stepdel
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\users\Major Tom\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\users\MAJORT~1\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\windows\security\Database\tmp.edb
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\windows\system32\msconfig.exe . . . . Failed to delete
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\SysWow64\muzapp.exe
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-03 01:15 . 2011-05-12 13:03 6144 ------w- c:\windows\system32\F25B.tmp
2011-08-03 01:08 . 2011-05-12 13:03 6144 ------w- c:\windows\system32\1C57.tmp
2011-08-03 01:05 . 2011-08-03 01:05 -------- d-----w- c:\program files (x86)\Sophos
2011-07-27 15:09 . 2011-08-03 00:07 -------- dc-h--w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-07-25 13:24 . 2011-07-25 19:22 -------- d-----w- C:\Temp
2011-07-25 13:01 . 2011-08-03 00:07 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-25 13:01 . 2011-08-03 00:07 -------- d-----w- c:\program files\Bonjour
2011-07-25 12:45 . 2011-08-03 00:07 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-22 13:08 . 2011-08-03 00:07 -------- d-----w- c:\users\Major Tom\AppData\Local\Samsung
2011-07-22 13:07 . 2011-06-07 10:13 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2011-07-22 13:07 . 2011-06-07 10:13 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2011-07-16 20:41 . 2011-08-04 21:49 -------- d-----w- c:\windows\Internet Logs
2011-07-16 20:41 . 2011-07-16 20:41 -------- d-----w- c:\program files (x86)\Conduit
2011-07-16 20:40 . 2011-07-16 20:40 -------- d-----w- c:\users\Major Tom\AppData\Local\Conduit
2011-07-16 20:40 . 2011-07-16 20:41 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security_Suite
2011-07-16 20:35 . 2011-07-16 20:38 -------- d-----w- c:\program files (x86)\CheckPoint
2011-07-12 10:34 . 2011-07-12 10:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:34 . 2011-07-12 10:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:34 . 2011-07-12 10:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 10:34 . 2011-07-12 10:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-11 15:51 . 2011-07-14 00:53 -------- d-----w- c:\windows\en
2011-07-11 15:49 . 2011-07-14 00:53 -------- d-----w- c:\program files\Windows Live
2011-07-11 15:49 . 2011-07-11 15:48 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-10 01:53 . 2011-07-14 00:53 -------- d-----w- c:\program files (x86)\Microsoft Calculator Plus
2011-07-08 13:41 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A943F931-4F2F-4929-A4FD-55E56BE01107}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 19:03 . 2011-05-17 17:37 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-15 09:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-15 09:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-07 10:13 . 2011-06-07 10:13 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2011-06-07 10:13 . 2011-06-07 10:13 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-06-07 10:13 . 2011-06-07 10:13 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2011-06-07 10:13 . 2011-06-07 10:13 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2011-06-07 10:13 . 2011-06-07 10:13 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2011-06-07 10:13 . 2011-06-07 10:13 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2011-06-07 10:13 . 2011-06-07 10:13 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2011-06-07 10:13 . 2011-06-07 10:13 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2011-06-07 10:13 . 2011-06-07 10:13 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2011-06-07 10:13 . 2011-06-07 10:13 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2011-06-07 10:13 . 2011-06-07 10:13 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2011-06-07 10:13 . 2011-06-07 10:13 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2011-06-07 10:13 . 2011-06-07 10:13 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-06-07 10:13 . 2011-06-07 10:13 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-06-07 10:13 . 2011-06-07 10:13 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2011-06-07 10:13 . 2011-06-07 10:13 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2011-06-07 10:13 . 2011-06-07 10:13 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2011-06-07 10:13 . 2011-06-07 10:13 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2011-06-07 10:13 . 2011-06-07 10:13 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2011-06-07 10:13 . 2011-06-07 10:13 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2011-06-07 10:13 . 2011-06-07 10:13 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2011-06-07 10:13 . 2011-06-07 10:13 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2011-06-07 10:13 . 2011-06-07 10:13 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2011-06-07 10:13 . 2011-06-07 10:13 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2011-06-07 10:13 . 2011-06-07 10:13 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2011-06-07 10:13 . 2011-06-07 10:13 40960 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2011-06-07 10:13 . 2011-06-07 10:13 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2011-06-07 10:13 . 2011-06-07 10:13 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2011-06-03 05:57 . 2011-07-13 22:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-26 12:49 . 2009-11-06 15:51 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-05-26 12:49 . 2009-11-06 15:51 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-05-24 18:14 . 2009-11-05 23:55 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 10:30 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 10:30 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 10:30 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 10:30 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 10:30 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-21 19:36 . 2011-05-21 19:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-21 19:36 . 2011-05-21 19:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-21 19:36 . 2011-05-21 19:36 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-21 19:36 . 2011-05-21 19:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-21 19:36 . 2011-05-21 19:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-21 19:36 . 2011-05-21 19:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-21 19:36 . 2011-05-21 19:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-21 19:36 . 2011-05-21 19:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-21 19:36 . 2011-05-21 19:36 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-21 19:36 . 2011-05-21 19:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-21 19:36 . 2011-05-21 19:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-21 19:36 . 2011-05-21 19:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-21 19:36 . 2011-05-21 19:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-21 19:36 . 2011-05-21 19:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-21 19:36 . 2011-05-21 19:36 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-21 19:36 . 2011-05-21 19:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-21 19:36 . 2011-05-21 19:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-21 19:36 . 2011-05-21 19:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-21 19:36 . 2011-05-21 19:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-21 19:36 . 2011-05-21 19:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-21 19:36 . 2011-05-21 19:36 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-21 19:36 . 2011-05-21 19:36 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-21 19:36 . 2011-05-21 19:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-21 19:36 . 2011-05-21 19:36 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-21 19:36 . 2011-05-21 19:36 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-21 19:36 . 2011-05-21 19:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-21 19:36 . 2011-05-21 19:36 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-21 19:36 . 2011-05-21 19:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-21 19:36 . 2011-05-21 19:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-21 19:36 . 2011-05-21 19:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-21 19:36 . 2011-05-21 19:36 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-21 19:36 . 2011-05-21 19:36 448512 ----a-w- c:\windows\system32\html.iec
2011-05-21 19:36 . 2011-05-21 19:36 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-21 19:36 . 2011-05-21 19:36 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-21 19:36 . 2011-05-21 19:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-21 19:36 . 2011-05-21 19:36 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-21 19:36 . 2011-05-21 19:36 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-21 19:36 . 2011-05-21 19:36 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-13 15:03 . 2011-05-13 15:03 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2011-05-13 14:42 . 2011-05-13 14:42 302448 ----a-w- c:\windows\WLXPGSS.SCR
2011-05-07 16:51 . 2011-05-07 16:51 454232 ----a-w- c:\windows\system32\drivers\vsdatant.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}"= "c:\program files (x86)\Nectar Search Toolbar\Helper.dll" [2011-07-14 361472]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{8021825B-2FBA-43AA-8FC9-1289DCD80B76}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B7C2F0D8-2209-4693-A15D-5A537211D48B}]
2011-07-14 01:06 1567744 ----a-w- c:\program files (x86)\Nectar Search Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{8020143D-5926-4394-A04D-DD0B649DA121}"= "c:\program files (x86)\Nectar Search Toolbar\Toolbar.dll" [2011-07-14 1567744]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]
[HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]
[HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-05-26 273544]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-12 71824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Major Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 RapportEI64;RapportEI64; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca5ef8d5e32abd;Google Update Service (gupdate1ca5ef8d5e32abd);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-06 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-06 133104]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F25B.tmp [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus64_29574.sys [2011-08-03 386128]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-06-22 61200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-05-30 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-05-30 825984]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 Viewpoint Service;Viewpoint Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-06 15:50]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-06 15:50]
.
2011-08-05 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-06-23 13:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = ***//***.msn.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Notify-igfxcui - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{8020143D-5926-4394-A04D-DD0B649DA121} - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-ISW - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F25B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
"at"Denied: (A 2) (Everyone)
"at"="FlashBroker"
"LocalizedString"=""at"c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
"at"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
"at"="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"at"Denied: (A 2) (Everyone)
"at"="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
"at"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
"at"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
"at"="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
"at"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
"at"="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
"at"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
"at"="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
"at"Denied: (A 2) (Everyone)
"at"="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
"at"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
"at"="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
"at"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
"at"="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
"at"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
"at"="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
"at"Denied: (A 2) (Everyone)
"at"="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
"at"="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
"at"="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
"at"Denied: (A) (Users)
"at"Denied: (A) (Everyone)
"at"Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
"at"Denied: (A) (Users)
"at"Denied: (A) (Everyone)
"at"Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
"at"Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-08-05 09:48:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-05 08:48
.
Pre-Run: 95,565,676,544 bytes free
Post-Run: 102,651,478,016 bytes free
.
- - End Of File - - 4711252D461BA5298853355438250256


Re: Random missing items and PC freezing after Trojan

Post by Sneakyone on Sat Aug 06, 2011 7:32 am

Hi,

Would you like Ask Toolbar to be removed?


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit

Re: Random missing items and PC freezing after Trojan

Post by major-tom on Sat Aug 06, 2011 10:59 pm

Hi again,

Didn't realize I had it (!). It shows up in relation to Foxit PDF editor. Can I remove it without affecting the editor? If so, yes please. I have been through all my folders and manually restored permissions, so I think I can access most things again. Not sure if there are still any other issues or not, but I have been able to shut down without any problems thus far.


Re: Random missing items and PC freezing after Trojan

Post by Sneakyone on Sun Aug 07, 2011 6:12 am

Hi,

Yes it can be removed without removing Foxit.

Please download aswMBR from [You must be registered and logged in to see this link.]

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]

  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review


I'm livin' life in the fast lane.


Re: Random missing items and PC freezing after Trojan

Post by major-tom on Tue Aug 30, 2011 11:35 am

Hi again,

Sorry for the massive delay in replying, I haven't been too well. Now that I'm back up and running, it seems my laptop isn't too well.

I suspect I still have an infection somewhere because new random dysfunctions are still occurring. Lost the Nectar Points toolbar; could not install from a fresh download, installed successfully from the previous download but unable to save login details. Unable to access the CD-ROM drive directly (no permission despite being administrator) but it plays fine on autoplay and I can see the tracks listed. Still hanging and/or timing out.

Can no longer run aswMBR.exe, either from original download or from fresh. It begins OK then stalls when scanning temp internet files with an error message to say it's stopped working and windows will close the program. Turning off ZoneAlarm makes no difference and I cannot access the option to save log (thought part log might be useful).

Any other suggestions? I can't repair install as it's a preloaded laptop, and a fresh install is not really an option. Hoping there's a way to fix this, much appreciated.


Re: Random missing items and PC freezing after Trojan

Post by major-tom on Tue Aug 30, 2011 5:47 pm

Whoohoo! Finally got it to run. Traced the problem to randomly deleted files and random fake shortcuts, so restored individually where possible. Also found some folder icons now show as locked and some others as shortcuts; changing the icon with the customizing option does not work (it lets you, but the display remains unchanged).

Here's the file:

**************************************************************************

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-30 17:39:20
-----------------------------
17:39:20.094 OS Version: Windows x64 6.1.7601 Service Pack 1
17:39:20.094 Number of processors: 2 586 0x170A
17:39:20.094 ComputerName: STARMAN UserName:
17:39:22.543 Initialize success
17:39:26.677 AVAST engine defs: 11082901
17:39:42.059 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:39:42.059 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 3
17:39:42.090 Disk 0 MBR read successfully
17:39:42.090 Disk 0 MBR scan
17:39:42.418 Disk 0 Windows 7 default MBR code
17:39:42.433 Service scanning
17:39:43.151 Service 1394ohci C:\Windows\system32\drivers\1394ohci.sys **LOCKED** 32
17:39:43.167 Service ACPI C:\Windows\system32\drivers\ACPI.sys **LOCKED** 32
17:39:43.167 Service AcpiPmi C:\Windows\system32\drivers\acpipmi.sys **LOCKED** 32
17:39:43.167 Service adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys **LOCKED** 32
17:39:43.182 Service adpahci C:\Windows\system32\DRIVERS\adpahci.sys **LOCKED** 32
17:39:43.182 Service adpu320 C:\Windows\system32\DRIVERS\adpu320.sys **LOCKED** 32
17:39:43.182 Service AFD C:\Windows\system32\drivers\afd.sys **LOCKED** 32
17:39:43.198 Service agp440 C:\Windows\system32\drivers\agp440.sys **LOCKED** 32
17:39:43.213 Service aliide C:\Windows\system32\drivers\aliide.sys **LOCKED** 32
17:39:43.213 Service amdide C:\Windows\system32\drivers\amdide.sys **LOCKED** 32
17:39:43.229 Service AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys **LOCKED** 32
17:39:43.229 Service AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys **LOCKED** 32
17:39:43.245 Service amdsata C:\Windows\system32\drivers\amdsata.sys **LOCKED** 32
17:39:43.245 Service amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys **LOCKED** 32
17:39:43.260 Service amdxata C:\Windows\system32\drivers\amdxata.sys **LOCKED** 32
17:39:43.260 Service AppID C:\Windows\system32\drivers\appid.sys **LOCKED** 32
17:39:43.276 Service arc C:\Windows\system32\DRIVERS\arc.sys **LOCKED** 32
17:39:43.276 Service arcsas C:\Windows\system32\DRIVERS\arcsas.sys **LOCKED** 32
17:39:43.291 Service AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys **LOCKED** 32
17:39:43.291 Service atapi C:\Windows\system32\drivers\atapi.sys **LOCKED** 32
17:39:43.291 Service athr C:\Windows\system32\DRIVERS\athrx.sys **LOCKED** 32
17:39:43.307 Service b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys **LOCKED** 32
17:39:43.307 Service b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys **LOCKED** 32
17:39:43.323 Service Beep C:\Windows\System32\Drivers\Beep.sys **LOCKED** 32
17:39:43.338 Service blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys **LOCKED** 32
17:39:43.338 Service BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys **LOCKED** 32
17:39:43.338 Service BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys **LOCKED** 32
17:39:43.354 Service Brserid C:\Windows\System32\Drivers\Brserid.sys **LOCKED** 32
17:39:43.354 Service BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys **LOCKED** 32
17:39:43.369 Service BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys **LOCKED** 32
17:39:43.369 Service BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys **LOCKED** 32
17:39:43.385 Service BthEnum C:\Windows\system32\drivers\BthEnum.sys **LOCKED** 32
17:39:43.385 Service BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys **LOCKED** 32
17:39:43.401 Service BthPan C:\Windows\system32\DRIVERS\bthpan.sys **LOCKED** 32
17:39:43.401 Service BTHPORT C:\Windows\System32\Drivers\BTHport.sys **LOCKED** 32
17:39:43.416 Service BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys **LOCKED** 32
17:39:43.416 Service cdrom C:\Windows\system32\drivers\cdrom.sys **LOCKED** 32
17:39:43.432 Service circlass C:\Windows\system32\DRIVERS\circlass.sys **LOCKED** 32
17:39:43.432 Service CLFS C:\Windows\System32\CLFS.sys **LOCKED** 32
17:39:43.447 Service CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys **LOCKED** 32
17:39:43.447 Service cmdide C:\Windows\system32\drivers\cmdide.sys **LOCKED** 32
17:39:43.463 Service CNG C:\Windows\System32\Drivers\cng.sys **LOCKED** 32
17:39:43.463 Service Compbatt C:\Windows\system32\DRIVERS\compbatt.sys **LOCKED** 32
17:39:43.463 Service CompositeBus C:\Windows\system32\drivers\CompositeBus.sys **LOCKED** 32
17:39:43.479 Service crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys **LOCKED** 32
17:39:43.494 Service discache C:\Windows\System32\drivers\discache.sys **LOCKED** 32
17:39:43.494 Service Disk C:\Windows\system32\DRIVERS\disk.sys **LOCKED** 32
17:39:43.510 Service Dot4 C:\Windows\system32\DRIVERS\Dot4.sys **LOCKED** 32
17:39:43.510 Service Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys **LOCKED** 32
17:39:43.525 Service dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys **LOCKED** 32
17:39:43.525 Service drmkaud C:\Windows\system32\drivers\drmkaud.sys **LOCKED** 32
17:39:43.541 Service DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys **LOCKED** 32
17:39:43.541 Service ebdrv C:\Windows\system32\DRIVERS\evbda.sys **LOCKED** 32
17:39:43.557 Service elxstor C:\Windows\system32\DRIVERS\elxstor.sys **LOCKED** 32
17:39:43.557 Service ErrDev C:\Windows\system32\drivers\errdev.sys **LOCKED** 32
17:39:43.572 Service fdc C:\Windows\system32\DRIVERS\fdc.sys **LOCKED** 32
17:39:43.588 Service flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys **LOCKED** 32
17:39:43.588 Service fvevol C:\Windows\System32\DRIVERS\fvevol.sys **LOCKED** 32
17:39:43.603 Service gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys **LOCKED** 32
17:39:43.635 Service hcw85cir C:\Windows\system32\drivers\hcw85cir.sys **LOCKED** 32
17:39:43.650 Service HdAudAddService C:\Windows\system32\drivers\HdAudio.sys **LOCKED** 32
17:39:43.666 Service HDAudBus C:\Windows\system32\drivers\HDAudBus.sys **LOCKED** 32
17:39:43.681 Service HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys **LOCKED** 32
17:39:43.681 Service HidBth C:\Windows\system32\DRIVERS\hidbth.sys **LOCKED** 32
17:39:43.697 Service HidIr C:\Windows\system32\DRIVERS\hidir.sys **LOCKED** 32
17:39:43.697 Service HidUsb C:\Windows\system32\drivers\hidusb.sys **LOCKED** 32
17:39:43.713 Service HpSAMD C:\Windows\system32\drivers\HpSAMD.sys **LOCKED** 32
17:39:43.713 Service HTTP C:\Windows\system32\drivers\HTTP.sys **LOCKED** 32
17:39:43.728 Service hwpolicy C:\Windows\System32\drivers\hwpolicy.sys **LOCKED** 32
17:39:43.728 Service i8042prt C:\Windows\system32\drivers\i8042prt.sys **LOCKED** 32
17:39:43.744 Service iaStor C:\Windows\system32\DRIVERS\iaStor.sys **LOCKED** 32
17:39:43.744 Service iaStorV C:\Windows\system32\drivers\iaStorV.sys **LOCKED** 32
17:39:43.759 Service igfx C:\Windows\system32\DRIVERS\igdkmd64.sys **LOCKED** 32
17:39:43.759 Service iirsp C:\Windows\system32\DRIVERS\iirsp.sys **LOCKED** 32
17:39:43.775 Service IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys **LOCKED** 32
17:39:43.775 Service IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys **LOCKED** 32
17:39:43.791 Service intelide C:\Windows\system32\drivers\intelide.sys **LOCKED** 32
17:39:43.791 Service intelppm C:\Windows\system32\DRIVERS\intelppm.sys **LOCKED** 32
17:39:43.806 Service IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys **LOCKED** 32
17:39:43.806 Service IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys **LOCKED** 32
17:39:43.822 Service IPNAT C:\Windows\System32\drivers\ipnat.sys **LOCKED** 32
17:39:43.822 Service IRENUM C:\Windows\system32\drivers\irenum.sys **LOCKED** 32
17:39:43.822 Service isapnp C:\Windows\system32\drivers\isapnp.sys **LOCKED** 32
17:39:43.837 Service iScsiPrt C:\Windows\system32\drivers\msiscsi.sys **LOCKED** 32
17:39:43.837 Service ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys **LOCKED** 32
17:39:43.853 Service kbdclass C:\Windows\system32\drivers\kbdclass.sys **LOCKED** 32
17:39:43.853 Service kbdhid C:\Windows\system32\drivers\kbdhid.sys **LOCKED** 32
17:39:43.869 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 32
17:39:43.869 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 32
17:39:43.884 Service KSecDD C:\Windows\System32\Drivers\ksecdd.sys **LOCKED** 32
17:39:43.884 Service KSecPkg C:\Windows\System32\Drivers\ksecpkg.sys **LOCKED** 32
17:39:43.900 Service ksthunk C:\Windows\system32\drivers\ksthunk.sys **LOCKED** 32
17:39:43.900 Service lltdio C:\Windows\system32\DRIVERS\lltdio.sys **LOCKED** 32
17:39:43.915 Service LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys **LOCKED** 32
17:39:43.915 Service LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys **LOCKED** 32
17:39:43.931 Service LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys **LOCKED** 32
17:39:43.931 Service LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys **LOCKED** 32
17:39:43.947 Service LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys **LOCKED** 32
17:39:43.947 Service megasas C:\Windows\system32\DRIVERS\megasas.sys **LOCKED** 32
17:39:43.962 Service MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys **LOCKED** 32
17:39:43.962 Service MEMSWEEP2 C:\Windows\system32\F25B.tmp **LOCKED** 32
17:39:43.978 Service Modem C:\Windows\system32\drivers\modem.sys **LOCKED** 32
17:39:43.978 Service monitor C:\Windows\system32\DRIVERS\monitor.sys **LOCKED** 32
17:39:43.993 Service mouclass C:\Windows\system32\drivers\mouclass.sys **LOCKED** 32
17:39:43.993 Service mouhid C:\Windows\system32\DRIVERS\mouhid.sys **LOCKED** 32
17:39:43.993 Service mountmgr C:\Windows\System32\drivers\mountmgr.sys **LOCKED** 32
17:39:44.009 Service mpio C:\Windows\system32\drivers\mpio.sys **LOCKED** 32
17:39:44.009 Service mpsdrv C:\Windows\System32\drivers\mpsdrv.sys **LOCKED** 32
17:39:44.025 Service msahci C:\Windows\system32\drivers\msahci.sys **LOCKED** 32
17:39:44.025 Service msdsm C:\Windows\system32\drivers\msdsm.sys **LOCKED** 32
17:39:44.040 Service mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys **LOCKED** 32
17:39:44.040 Service msisadrv C:\Windows\system32\drivers\msisadrv.sys **LOCKED** 32
17:39:44.056 Service MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys **LOCKED** 32
17:39:44.056 Service MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys **LOCKED** 32
17:39:44.071 Service MSPQM C:\Windows\system32\drivers\MSPQM.sys **LOCKED** 32
17:39:44.071 Service MsRPC C:\Windows\System32\Drivers\MsRPC.sys **LOCKED** 32
17:39:44.087 Service mssmbios C:\Windows\system32\drivers\mssmbios.sys **LOCKED** 32
17:39:44.087 Service MSTEE C:\Windows\system32\drivers\MSTEE.sys **LOCKED** 32
17:39:44.103 Service MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys **LOCKED** 32
17:39:44.103 Service NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys **LOCKED** 32
17:39:44.118 Service NDIS C:\Windows\system32\drivers\ndis.sys **LOCKED** 32
17:39:44.118 Service NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys **LOCKED** 32
17:39:44.134 Service NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys **LOCKED** 32
17:39:44.134 Service Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys **LOCKED** 32
17:39:44.149 Service NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys **LOCKED** 32
17:39:44.149 Service NDProxy C:\Windows\System32\Drivers\NDProxy.sys **LOCKED** 32
17:39:44.165 Service NetBT C:\Windows\System32\DRIVERS\netbt.sys **LOCKED** 32
17:39:44.181 Service nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys **LOCKED** 32
17:39:44.196 Service nsiproxy C:\Windows\system32\drivers\nsiproxy.sys **LOCKED** 32
17:39:44.196 Service Null C:\Windows\System32\Drivers\Null.sys **LOCKED** 32
17:39:44.212 Service nvraid C:\Windows\system32\drivers\nvraid.sys **LOCKED** 32
17:39:44.212 Service nvstor C:\Windows\system32\drivers\nvstor.sys **LOCKED** 32
17:39:44.227 Service nv_agp C:\Windows\system32\drivers\nv_agp.sys **LOCKED** 32
17:39:44.227 Service ohci1394 C:\Windows\system32\drivers\ohci1394.sys **LOCKED** 32
17:39:44.243 Service Parport C:\Windows\system32\DRIVERS\parport.sys **LOCKED** 32
17:39:44.243 Service partmgr C:\Windows\System32\drivers\partmgr.sys **LOCKED** 32
17:39:44.259 Service pci C:\Windows\system32\drivers\pci.sys **LOCKED** 32
17:39:44.259 Service pciide C:\Windows\system32\drivers\pciide.sys **LOCKED** 32
17:39:44.274 Service pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys **LOCKED** 32
17:39:44.274 Service pcw C:\Windows\System32\drivers\pcw.sys **LOCKED** 32
17:39:44.290 Service PEAUTH C:\Windows\system32\drivers\peauth.sys **LOCKED** 32
17:39:44.290 Service PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys **LOCKED** 32
17:39:44.305 Service PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys **LOCKED** 32
17:39:44.321 Service Processor C:\Windows\system32\DRIVERS\processr.sys **LOCKED** 32
17:39:44.321 Service Psched C:\Windows\system32\DRIVERS\pacer.sys **LOCKED** 32
17:39:44.337 Service ql2300 C:\Windows\system32\DRIVERS\ql2300.sys **LOCKED** 32
17:39:44.337 Service ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys **LOCKED** 32
17:39:44.352 Service QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys **LOCKED** 32
17:39:44.352 Service RapportCerberus_29574 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus64_29574.sys **LOCKED** 32
17:39:44.368 Service RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys **LOCKED** 32
17:39:44.368 Service RasAcd C:\Windows\System32\DRIVERS\rasacd.sys **LOCKED** 32
17:39:44.383 Service RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys **LOCKED** 32
17:39:44.383 Service Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys **LOCKED** 32
17:39:44.399 Service RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys **LOCKED** 32
17:39:44.399 Service RasSstp C:\Windows\system32\DRIVERS\rassstp.sys **LOCKED** 32
17:39:44.415 Service rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys **LOCKED** 32
17:39:44.415 Service RDPCDD C:\Windows\System32\DRIVERS\RDPCDD.sys **LOCKED** 32
17:39:44.430 Service RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys **LOCKED** 32
17:39:44.430 Service RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys **LOCKED** 32
17:39:44.446 Service RDPWD C:\Windows\System32\Drivers\RDPWD.sys **LOCKED** 32
17:39:44.446 Service rdyboost C:\Windows\System32\drivers\rdyboost.sys **LOCKED** 32
17:39:44.461 Service RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys **LOCKED** 32
17:39:44.477 Service rspndr C:\Windows\system32\DRIVERS\rspndr.sys **LOCKED** 32
17:39:44.477 Service RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys **LOCKED** 32
17:39:44.493 Service RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys **LOCKED** 32
17:39:44.493 Service rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys **LOCKED** 32
17:39:44.508 Service sbp2port C:\Windows\system32\drivers\sbp2port.sys **LOCKED** 32
17:39:44.508 Service scfilter C:\Windows\System32\DRIVERS\scfilter.sys **LOCKED** 32
17:39:44.524 Service secdrv C:\Windows\System32\Drivers\secdrv.sys **LOCKED** 32
17:39:44.539 Service Serenum C:\Windows\system32\DRIVERS\serenum.sys **LOCKED** 32
17:39:44.539 Service Serial C:\Windows\system32\DRIVERS\serial.sys **LOCKED** 32
17:39:44.555 Service sermouse C:\Windows\system32\DRIVERS\sermouse.sys **LOCKED** 32
17:39:44.555 Service sffdisk C:\Windows\system32\drivers\sffdisk.sys **LOCKED** 32
17:39:44.571 Service sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys **LOCKED** 32
17:39:44.571 Service sffp_sd C:\Windows\system32\drivers\sffp_sd.sys **LOCKED** 32
17:39:44.586 Service sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys **LOCKED** 32
17:39:44.602 Service SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys **LOCKED** 32
17:39:44.602 Service SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys **LOCKED** 32
17:39:44.602 Service Smb C:\Windows\system32\DRIVERS\smb.sys **LOCKED** 32
17:39:44.617 Service spldr C:\Windows\System32\Drivers\spldr.sys **LOCKED** 32
17:39:44.633 Service ss_bus C:\Windows\system32\DRIVERS\ss_bus.sys **LOCKED** 32
17:39:44.633 Service ss_mdfl C:\Windows\system32\DRIVERS\ss_mdfl.sys **LOCKED** 32
17:39:44.649 Service ss_mdm C:\Windows\system32\DRIVERS\ss_mdm.sys **LOCKED** 32
17:39:44.649 Service stexstor C:\Windows\system32\DRIVERS\stexstor.sys **LOCKED** 32
17:39:44.664 Service swenum C:\Windows\system32\drivers\swenum.sys **LOCKED** 32
17:39:44.664 Service SynTP C:\Windows\system32\DRIVERS\SynTP.sys **LOCKED** 32
17:39:44.680 Service Tcpip C:\Windows\System32\drivers\tcpip.sys **LOCKED** 32
17:39:44.695 Service TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys **LOCKED** 32
17:39:44.695 Service tcpipreg C:\Windows\System32\drivers\tcpipreg.sys **LOCKED** 32
17:39:44.711 Service tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys **LOCKED** 32
17:39:44.711 Service TDPIPE C:\Windows\system32\drivers\tdpipe.sys **LOCKED** 32
17:39:44.727 Service TDTCP C:\Windows\system32\drivers\tdtcp.sys **LOCKED** 32
17:39:44.727 Service tdx C:\Windows\system32\DRIVERS\tdx.sys **LOCKED** 32
17:39:44.742 Service TermDD C:\Windows\system32\drivers\termdd.sys **LOCKED** 32
17:39:44.742 Service tos_sps64 C:\Windows\system32\DRIVERS\tos_sps64.sys **LOCKED** 32
17:39:44.758 Service tssecsrv C:\Windows\System32\DRIVERS\tssecsrv.sys **LOCKED** 32
17:39:44.758 Service TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys **LOCKED** 32
17:39:44.773 Service tunnel C:\Windows\system32\DRIVERS\tunnel.sys **LOCKED** 32
17:39:44.773 Service TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS **LOCKED** 32
17:39:44.789 Service TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys **LOCKED** 32
17:39:44.789 Service uagp35 C:\Windows\system32\DRIVERS\uagp35.sys **LOCKED** 32
17:39:44.805 Service uliagpkx C:\Windows\system32\drivers\uliagpkx.sys **LOCKED** 32
17:39:44.805 Service umbus C:\Windows\system32\drivers\umbus.sys **LOCKED** 32
17:39:44.820 Service UmPass C:\Windows\system32\DRIVERS\umpass.sys **LOCKED** 32
17:39:44.820 Service usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys **LOCKED** 32
17:39:44.836 Service usbcir C:\Windows\system32\drivers\usbcir.sys **LOCKED** 32
17:39:44.836 Service usbehci C:\Windows\system32\DRIVERS\usbehci.sys **LOCKED** 32
17:39:44.851 Service usbhub C:\Windows\system32\DRIVERS\usbhub.sys **LOCKED** 32
17:39:44.851 Service usbohci C:\Windows\system32\drivers\usbohci.sys **LOCKED** 32
17:39:44.867 Service usbprint C:\Windows\system32\DRIVERS\usbprint.sys **LOCKED** 32
17:39:44.867 Service usbscan C:\Windows\system32\DRIVERS\usbscan.sys **LOCKED** 32
17:39:44.883 Service USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS **LOCKED** 32
17:39:44.883 Service usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys **LOCKED** 32
17:39:44.883 Service usbvideo C:\Windows\System32\Drivers\usbvideo.sys **LOCKED** 32
17:39:44.898 Service vdrvroot C:\Windows\system32\drivers\vdrvroot.sys **LOCKED** 32
17:39:44.914 Service vga C:\Windows\system32\DRIVERS\vgapnp.sys **LOCKED** 32
17:39:44.914 Service VgaSave C:\Windows\System32\drivers\vga.sys **LOCKED** 32
17:39:44.914 Service vhdmp C:\Windows\system32\drivers\vhdmp.sys **LOCKED** 32
17:39:44.929 Service viaide C:\Windows\system32\drivers\viaide.sys **LOCKED** 32
17:39:44.929 Service volmgr C:\Windows\system32\drivers\volmgr.sys **LOCKED** 32
17:39:44.945 Service volmgrx C:\Windows\System32\drivers\volmgrx.sys **LOCKED** 32
17:39:44.945 Service volsnap C:\Windows\system32\drivers\volsnap.sys **LOCKED** 32
17:39:44.961 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
17:39:44.961 Service vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys **LOCKED** 32
17:39:44.976 Service vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys **LOCKED** 32
17:39:44.976 Service vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys **LOCKED** 32
17:39:44.992 Service vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys **LOCKED** 32
17:39:45.007 Service WacomPen C:\Windows\system32\DRIVERS\wacompen.sys **LOCKED** 32
17:39:45.007 Service WANARP C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED** 32
17:39:45.007 Service Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED** 32
17:39:45.023 Service Wd C:\Windows\system32\DRIVERS\wd.sys **LOCKED** 32
17:39:45.039 Service Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys **LOCKED** 32
17:39:45.054 Service WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys **LOCKED** 32
17:39:45.054 Service WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys **LOCKED** 32
17:39:45.070 Service WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys **LOCKED** 32
17:39:45.085 Service ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys **LOCKED** 32
17:39:45.085 Service WudfPf C:\Windows\system32\drivers\WudfPf.sys **LOCKED** 32
17:39:45.101 Service WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys **LOCKED** 32
17:39:45.631 Modules scanning
17:39:45.631 Disk 0 trace - called modules:
17:39:45.647 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:39:45.663 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c29790]
17:39:45.663 3 CLASSPNP.SYS[fffff88001c1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800471d050]
17:39:46.801 AVAST engine scan C:\Windows
17:39:52.074 AVAST engine scan C:\Windows\system32
17:42:19.120 AVAST engine scan C:\Windows\system32\drivers
17:42:34.689 AVAST engine scan C:\Users\Major Tom
18:10:30.995 AVAST engine scan C:\ProgramData
18:19:52.947 Scan finished successfully
18:37:03.108 Disk 0 MBR has been saved successfully to "C:\Users\Major Tom\Desktop\MBR.dat"
18:37:03.124 The log file has been saved successfully to "C:\Users\Major Tom\Desktop\aswMBR.txt"

**************************************************************************



major-tom
Novice

Posts : 10
Joined : 2011-08-03
Gender : Female
OS : windows 7