HELP....Once again

View previous topic View next topic Go down

HELP....Once again

Post by JonEJet on Sat 28 Jan 2012, 1:12 am

First, I'd first like to thank you again for fixing a problem I had some time back. You guys here are great.

Now, it seems I have some sort of Rootkit virus on another laptop of mine. I have no use of my keyboard at this time. I was able to run ComboFix which let me know this rootkit virus was infecting the laptop.

I ran a report, just don't know how to get it over here, since my keyboard is disabled.

Each time I restart the computer I get a popup box "Found new hardware"

Locate and install driver software (recommended)
Ask me again later
Don't show this message again for this device

Am I SOL, or can I get help

Thanks

Jon

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: HELP....Once again

Post by Belahzur on Sat 28 Jan 2012, 7:27 am

Hello.
Please read this topic: [You must be registered and logged in to see this link.]

Follow the instructions and post the required logs in your next post.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HELP....Once again

Post by JonEJet on Sat 28 Jan 2012, 10:10 am

OTL logfile created on: 1/27/2012 5:48:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 62.57% Memory free
5.97 Gb Paging File | 4.88 Gb Available in Paging File | 81.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 156.87 Gb Free Space | 69.97% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/27 17:45:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL(1).com
PRC - [2012/01/27 00:36:15 | 000,612,352 | ---- | M] (DownloadManager) -- C:\Program Files\Download Manager\DownloadManager.exe
PRC - [2011/12/26 23:27:07 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/08 18:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/20 19:14:53 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012/01/20 19:14:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011/12/26 23:27:07 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/11/26 05:19:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/11/26 05:19:22 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/11/26 05:18:49 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/11/26 05:18:30 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/11/26 05:17:53 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll
MOD - [2011/11/26 05:15:44 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/11/26 05:14:29 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/28 09:42:43 | 006,053,536 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/04/04 11:45:24 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/27 10:56:22 | 000,379,776 | ---- | M] (Sysinternals - [You must be registered and logged in to see this link.] [On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\temp\EDHK.exe -- (EDHK)
SRV - [2012/01/27 10:48:29 | 000,375,680 | ---- | M] (Sysinternals - [You must be registered and logged in to see this link.] [On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\temp\AX.exe -- (AX)
SRV - [2012/01/27 10:47:56 | 000,572,288 | ---- | M] (Sysinternals - [You must be registered and logged in to see this link.] [On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\temp\HDYGKQMINES.exe -- (HDYGKQMINES)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/28 18:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 18:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2012/01/03 19:46:17 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/07/28 18:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 21:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 19:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4A B6 1F 03 13 F3 35 4D A7 45 C4 67 9D 1C 93 69 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "vshare.tv Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "vshare.tv Bar Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {7aeb3efd-e564-43f1-b658-5058a7c5743b}:3.8.1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/13 19:10:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/26 23:27:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/02 14:45:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Owner\AppData\Roaming\Move Networks [2010/01/02 10:20:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/13 19:10:44 | 000,000,000 | ---D | M]

[2010/01/02 10:20:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/01/27 17:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4mrjzkb9.default\extensions
[2011/11/23 08:06:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4mrjzkb9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/01 15:19:54 | 000,000,000 | ---D | M] (vshare.tv Bar Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4mrjzkb9.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
[2012/01/27 00:36:15 | 000,000,000 | ---D | M] (Download Manager) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4mrjzkb9.default\extensions\downloadmanager@wisedownloads.com
[2012/01/27 00:36:06 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4mrjzkb9.default\extensions\ffxtlbr@Facemoods.com
[2012/01/01 16:29:54 | 000,000,929 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4mrjzkb9.default\searchplugins\conduit.xml
[2012/01/01 15:20:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/04 11:41:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/04 11:40:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/01/02 19:28:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [DownloadManager] C:\Program Files\Download Manager\DownloadManager.exe (DownloadManager)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} [You must be registered and logged in to see this link.] (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D727DAE-E9C3-493F-B8FE-222CE5289741}: DhcpNameServer = 208.59.247.45 208.59.247.46
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: 00TCrdMain - hkey= - key= - File not found
MsConfig - StartUpReg: 951738463 - hkey= - key= - C:\Program Files\Toshiba Registration\Registration.exe (DataLode, Inc.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SmoothView - hkey= - key= - File not found
MsConfig - StartUpReg: TPwrMain - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/27 10:05:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2012/01/27 08:28:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/01/27 08:27:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/27 00:43:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/27 00:43:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/27 00:43:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/27 00:36:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\DownloadManager
[2012/01/27 00:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Download Manager
[2012/01/10 19:23:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/10 19:23:37 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/10 19:23:36 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/10 19:23:33 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/10 19:23:33 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/02 19:45:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Avira
[2012/01/02 19:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/01/02 19:44:48 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/01/02 19:44:44 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/01/02 19:44:44 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/01/02 19:44:44 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/01/02 19:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/01/01 15:20:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/01 15:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/01/01 15:19:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Conduit
[2011/12/29 17:54:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Systweak
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/27 17:39:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/27 17:19:19 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/27 17:19:19 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/27 17:13:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 17:13:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 17:13:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 17:13:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/27 17:12:55 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/27 09:26:51 | 001,954,684 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2012/01/27 00:27:23 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/01/24 22:17:45 | 000,000,941 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/24 22:17:45 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 10:12:24 | 000,001,726 | -H-- | M] () -- C:\Users\Owner\Documents\Default.rdp
[2012/01/03 19:46:17 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/01/02 19:45:06 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/02 19:28:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/02 18:56:55 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/12/29 17:55:39 | 000,006,992 | -HS- | M] () -- C:\Users\Owner\AppData\Local\mlt066na4kvn54nx2a323q4npebpq2mr0xkfl
[2011/12/29 17:55:39 | 000,006,992 | -HS- | M] () -- C:\ProgramData\mlt066na4kvn54nx2a323q4npebpq2mr0xkfl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/27 10:38:24 | 3082,809,344 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/27 09:26:50 | 001,954,684 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2012/01/27 00:43:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/27 00:43:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/27 00:43:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/27 00:43:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/27 00:43:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/27 00:27:07 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/01/24 22:17:45 | 000,000,941 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/24 22:17:45 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 19:45:06 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/29 12:58:08 | 000,006,992 | -HS- | C] () -- C:\Users\Owner\AppData\Local\mlt066na4kvn54nx2a323q4npebpq2mr0xkfl
[2011/12/29 12:58:08 | 000,006,992 | -HS- | C] () -- C:\ProgramData\mlt066na4kvn54nx2a323q4npebpq2mr0xkfl
[2011/12/26 22:18:15 | 000,011,816 | -HS- | C] () -- C:\Users\Owner\AppData\Local\l57gt16rwhu6j3a116e12peh7m5uy78i0883j5pfy6
[2011/12/26 22:18:15 | 000,011,816 | -HS- | C] () -- C:\ProgramData\l57gt16rwhu6j3a116e12peh7m5uy78i0883j5pfy6
[2011/11/29 20:37:56 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/01/13 18:58:40 | 000,195,125 | ---- | C] () -- C:\Windows\hpoins43.dat
[2009/12/16 16:31:03 | 000,005,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/16 15:00:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\emfxp.dll
[2009/12/16 15:00:28 | 000,049,152 | ---- | C] () -- C:\Windows\System32\unpdf.exe
[2009/09/11 18:49:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 18:49:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/23 13:29:01 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/05/23 13:28:59 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/05/22 04:25:35 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009/03/06 10:03:45 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/03/06 10:03:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/03/06 10:03:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/03/06 10:03:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/09/30 14:36:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/30 14:25:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/09/30 14:25:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/09/30 14:25:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/09/30 14:25:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/09/30 13:37:15 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/09/30 13:03:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/12 21:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 21:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 21:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 21:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,422,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2011/01/18 03:52:10 | 000,475,016 | ---- | M] () -- C:\Users\Owner\setup.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/12/26 23:27:07 | 000,110,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/12/26 23:27:07 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/12/26 23:27:09 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/12/26 23:27:10 | 000,247,768 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2012/01/27 17:13:06 | 000,003,616 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 17:13:06 | 000,003,616 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/09/30 14:56:43 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/09/11 13:50:42 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/03/06 10:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2012/01/02 19:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2011/12/11 20:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/12/20 22:52:24 | 000,000,000 | ---D | M] -- C:\Program Files\CasinoOnNet
[2009/09/15 20:20:19 | 000,000,000 | ---D | M] -- C:\Program Files\CASIO
[2009/03/06 10:10:33 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2012/01/27 08:21:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/01/01 15:19:52 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2012/01/27 00:36:17 | 000,000,000 | ---D | M] -- C:\Program Files\Download Manager
[2009/12/16 15:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\FormDocs
[2011/11/13 00:40:13 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/13 19:10:13 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2012/01/27 10:06:35 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/03/06 10:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/12/26 23:20:11 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/09/30 14:25:14 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2008/09/30 14:27:17 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2011/12/11 21:04:41 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/12/11 21:06:14 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/04/04 11:40:32 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/03/06 10:12:36 | 000,000,000 | ---D | M] -- C:\Program Files\Jumpstart
[2009/03/06 10:03:45 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2012/01/24 22:17:45 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/11/29 13:09:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/03/06 09:55:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2011/10/22 12:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/10/19 18:21:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 02:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/11/24 10:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/12/26 23:27:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/09/30 13:10:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/04/04 11:42:57 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2008/09/30 14:34:19 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2011/12/11 21:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/03/06 10:01:15 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/08/07 20:35:34 | 000,000,000 | ---D | M] -- C:\Program Files\SCRABBLE
[2009/08/08 11:13:44 | 000,000,000 | ---D | M] -- C:\Program Files\SCRABBLE PLUS
[2009/03/06 10:07:38 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2012/01/27 10:06:36 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2008/09/30 14:13:58 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA Games
[2008/09/30 14:15:06 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Registration
[2008/09/30 14:20:57 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2006/11/02 07:58:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/11/24 10:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2011/11/24 10:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/11/24 10:12:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/01/20 12:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2008/09/30 14:24:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2011/11/24 10:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/11/24 10:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2011/11/26 05:07:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/11/24 10:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar


< MD5 for: AGP440.SYS >
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008/03/24 22:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008/03/24 22:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008/03/25 22:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008/03/25 22:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/03/12 01:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\ERDNT\cache\atapi.sys
[2008/03/12 01:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/03/12 01:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/12 01:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/12 01:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 21:32:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 21:32:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 04:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2008/04/15 20:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/04/15 20:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/04/15 20:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008/04/15 20:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-27 12:27:47

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/26 23:27:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/26 23:27:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/26 23:27:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/26 23:27:07 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/12/26 23:15:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/12/26 23:15:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/12/26 23:15:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/26 23:15:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/26 23:15:44 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/26 23:27:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/26 23:27:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/26 23:27:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/26 23:27:07 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/12/26 23:15:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/12/26 23:15:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/12/26 23:15:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/26 23:15:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/26 23:15:44 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:B9F6C934
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:2D5907B8
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:63CFAEDF

< End of report >

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: HELP....Once again

Post by JonEJet on Sat 28 Jan 2012, 10:11 am

OTL Extras logfile created on: 1/27/2012 5:48:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 62.57% Memory free
5.97 Gb Paging File | 4.88 Gb Available in Paging File | 81.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 156.87 Gb Free Space | 69.97% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-234329832-1625283619-1638487238-1000]
"EnableNotificationsRef" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A8A4372-64AE-45B6-B0CE-67CF68B37087}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{24B53D53-B14F-4BC3-BF80-61579E0CFF05}" = rport=137 | protocol=17 | dir=out | app=system |
"{386D4DDE-B7D0-45ED-9678-4A94828725A8}" = lport=138 | protocol=17 | dir=in | app=system |
"{64BABB91-6A2B-463E-BFC0-782CCB35A3B0}" = rport=138 | protocol=17 | dir=out | app=system |
"{7921E8B4-047E-4210-B143-8DDCDAAA1677}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{810E374E-452D-4838-B940-78C8585A1548}" = rport=139 | protocol=6 | dir=out | app=system |
"{89077151-9074-44D9-96A4-104F99C2946C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AAF92583-FE3F-42CD-B3FB-0AB47D2B238D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B89AB3DE-162D-4C9C-B4C8-F0776A3187D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C9D61A59-674F-4A2A-9B66-7805893349A9}" = lport=139 | protocol=6 | dir=in | app=system |
"{D00DC484-1987-4AD3-B173-04CF3E557712}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E7DBC8D7-07AA-4390-91DD-FB7D13627AAF}" = rport=445 | protocol=6 | dir=out | app=system |
"{EA99CDFF-4DA4-48E3-B61B-4B329375A06A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EEE86F0C-E806-40E1-BCEF-1DBF22F9A26F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1A2D55C-8476-42A4-96EE-D12F57902F5B}" = lport=137 | protocol=17 | dir=in | app=system |
"{F80961C0-42CA-45F7-88B1-75D6036EFDF1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB706F49-8DD1-4FD1-AA38-213A2117DCBF}" = lport=445 | protocol=6 | dir=in | app=system |
"{FEFF87FC-D6B7-46EF-8745-614BD6B08830}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CEEFCB-1161-4621-99F0-45F8FD7DB7E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{0BE21755-CAEE-48EF-AD58-29015CD9B2B3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0E4147AC-8713-4FE5-8AAD-ED3072AF9F73}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{0E619540-020D-408B-8F57-3BCD885E3543}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{1FA1CBAD-2ABB-403D-B2A6-E4BE38E5D0C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{237015B3-231B-4736-BFFE-9B494976FC2A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{3048F364-F22B-461C-9524-478167938EA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{375A0E0A-A73B-4AC3-95B3-BD635B0101B2}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{39B3674A-1FF9-46DA-AC8F-E44F2A533DE4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{40412861-5ADA-4DB6-AD52-84078E50D607}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{487F53A9-2054-4F74-9C81-4EC28C30BBF3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{4D11DFFF-3D0F-4EFC-8DDA-AC6DE1D51D16}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{50CF33BB-0B4C-4473-8FA9-3AB53D1CEC10}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{752E5771-7F46-40E3-8FDA-5367B58C2FF6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{79900B21-702E-4867-B2D6-BF455F5E9D06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{859EA8E2-D3BD-48B0-A967-4A36A406ED0C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{A0EEF57F-1672-49D0-A9AD-643376E0C477}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{A94C06C0-AB0B-4422-AE4B-7B71A0766237}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA7781BF-F693-41C7-8FE8-694181CAA4E9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B96904CE-9644-423D-91B5-3359F349FB84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BF9B0A45-A94D-4713-BB88-1CD0ACA42746}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D5B82E62-314C-432A-82C4-41DF783A5FE7}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{DC27F700-9CC0-44C2-BE7F-DE6F6D71C7AD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{DE0FDBB4-2CEA-46FD-A7DB-45B636E7A0AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F5AB533B-A87A-4073-A98E-8C333B42B908}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7E0754B-6085-4590-A289-E48C80024C3B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FE799E12-C62E-4DBE-9703-7220AD9F2BEC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{AC106968-BA5B-47B4-B34F-288F36657855}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{C84EAABD-7BF8-4DC2-88A7-F45F2E4E6431}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4B7E2C9E-F27C-4D03-A126-63F594A957BF}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{F3715709-5EF3-49A6-866A-019A0E8A4A5D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{07F58BB0-50D4-4477-B491-A97B2AD059B6}" = TOSHIBA Hotkey Utility
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63CFD835-FF50-4F8B-91CD-5662A8C640F8}" = Photo Transport
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4DC4718-90DD-48CC-A2DE-1C65BDDFBB8A}" = BlueWare
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Download Manager" = Download Manager
"FormDocs" = FormDocs 7.6.2
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Picasa2" = Picasa 2
"SCRABBLE" = SCRABBLE
"SCRABBLE PLUS" = SCRABBLE PLUS
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2012 8:39:26 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/27/2012 8:56:38 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/27/2012 9:10:04 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/27/2012 9:52:29 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/27/2012 10:08:54 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/27/2012 10:55:23 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/27/2012 11:06:12 AM | Computer Name = Owner-PC | Source = VSS | ID = 8194
Description =

Error - 1/27/2012 11:28:26 AM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 1/27/2012 11:40:10 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/27/2012 6:14:39 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 3/25/2010 11:43:39 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 217368
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/27/2012 11:48:26 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 1/27/2012 11:48:26 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/27/2012 11:48:29 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/27/2012 11:49:00 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 1/27/2012 11:49:00 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/27/2012 11:56:23 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/27/2012 12:05:01 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:56:22 AM on 1/27/2012 was unexpected.

Error - 1/27/2012 6:13:02 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:05:01 AM on 1/27/2012 was unexpected.

Error - 1/27/2012 6:14:40 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/27/2012 6:14:40 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: HELP....Once again

Post by JonEJet on Sat 28 Jan 2012, 10:38 am

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-27 18:15:25
-----------------------------
18:15:25.201 OS Version: Windows 6.0.6002 Service Pack 2
18:15:25.201 Number of processors: 2 586 0xF0D
18:15:25.202 ComputerName: OWNER-PC UserName: Owner
18:15:26.364 Initialize success
18:16:23.559 AVAST engine defs: 12012701
18:17:19.638 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:17:19.643 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
18:17:19.663 Disk 0 MBR read successfully
18:17:19.668 Disk 0 MBR scan
18:17:19.678 Disk 0 Windows VISTA default MBR code
18:17:19.689 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:17:19.712 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 229585 MB offset 3074048
18:17:19.744 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7389 MB offset 473264128
18:17:19.758 Disk 0 scanning sectors +488396800
18:17:19.830 Disk 0 scanning C:\Windows\system32\drivers
18:17:33.208 Service scanning
18:17:33.748 Service .tdx \? **LOCKED** 123
18:17:34.449 Modules scanning
18:17:42.414 Disk 0 trace - called modules:
18:17:42.433
18:17:43.756 AVAST engine scan C:\Windows
18:17:50.944 AVAST engine scan C:\Windows\system32
18:21:45.620 AVAST engine scan C:\Windows\system32\drivers
18:22:05.154 AVAST engine scan C:\Users\Owner
18:26:47.104 File: C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4924bc6d-4271b634 **INFECTED** Win32:Karagany-EJ [Trj]
18:26:47.552 File: C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4924bc6d-7674a473 **INFECTED** Win32:Karagany-EJ [Trj]
18:26:48.892 File: C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6d73ddb6-10c599f0 **INFECTED** Win32:MalOb-GR [Cryp]
18:32:11.149 AVAST engine scan C:\ProgramData
18:34:43.080 Scan finished successfully
18:35:56.077 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
18:35:56.090 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: HELP....Once again

Post by JonEJet on Sat 28 Jan 2012, 10:49 am

Unfortunately I was unable to run the security check...I still have no use of the keyboard...I am typing this from another computer

Thank you

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: HELP....Once again

Post by Belahzur on Tue 31 Jan 2012, 12:04 pm

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HELP....Once again

Post by JonEJet on Tue 31 Jan 2012, 12:16 pm

20:12:50.0616 4420 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
20:12:50.0859 4420 ============================================================
20:12:50.0859 4420 Current date / time: 2012/01/30 20:12:50.0859
20:12:50.0859 4420 SystemInfo:
20:12:50.0859 4420
20:12:50.0859 4420 OS Version: 6.0.6002 ServicePack: 2.0
20:12:50.0859 4420 Product type: Workstation
20:12:50.0859 4420 ComputerName: OWNER-PC
20:12:50.0859 4420 UserName: Owner
20:12:50.0860 4420 Windows directory: C:\Windows
20:12:50.0860 4420 System windows directory: C:\Windows
20:12:50.0860 4420 Processor architecture: Intel x86
20:12:50.0860 4420 Number of processors: 2
20:12:50.0860 4420 Page size: 0x1000
20:12:50.0860 4420 Boot type: Normal boot
20:12:50.0860 4420 ============================================================
20:12:51.0275 4420 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:12:51.0277 4420 \Device\Harddisk0\DR0:
20:12:51.0282 4420 MBR used
20:12:51.0282 4420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1C068800
20:12:51.0319 4420 Initialize success
20:12:51.0319 4420 ============================================================
20:12:54.0566 5764 ============================================================
20:12:54.0566 5764 Scan started
20:12:54.0566 5764 Mode: Manual;
20:12:54.0566 5764 ============================================================
20:13:00.0701 5764 .tdx - ok
20:13:00.0888 5764 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:13:00.0894 5764 ACPI - ok
20:13:01.0162 5764 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:13:01.0171 5764 adp94xx - ok
20:13:01.0265 5764 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:13:01.0272 5764 adpahci - ok
20:13:01.0329 5764 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:13:01.0332 5764 adpu160m - ok
20:13:01.0412 5764 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:13:01.0415 5764 adpu320 - ok
20:13:01.0493 5764 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:13:01.0501 5764 AFD - ok
20:13:01.0618 5764 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
20:13:01.0643 5764 AgereSoftModem - ok
20:13:01.0791 5764 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:13:01.0793 5764 agp440 - ok
20:13:01.0843 5764 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:13:01.0847 5764 aic78xx - ok
20:13:01.0888 5764 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:13:01.0890 5764 aliide - ok
20:13:01.0993 5764 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:13:01.0996 5764 amdagp - ok
20:13:02.0040 5764 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:13:02.0043 5764 amdide - ok
20:13:02.0105 5764 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:13:02.0108 5764 AmdK7 - ok
20:13:02.0181 5764 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:13:02.0183 5764 AmdK8 - ok
20:13:02.0361 5764 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:13:02.0365 5764 arc - ok
20:13:02.0435 5764 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:13:02.0438 5764 arcsas - ok
20:13:02.0549 5764 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:13:02.0551 5764 AsyncMac - ok
20:13:02.0582 5764 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
20:13:02.0584 5764 atapi - ok
20:13:02.0687 5764 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
20:13:02.0710 5764 athr - ok
20:13:02.0829 5764 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
20:13:02.0832 5764 avgntflt - ok
20:13:02.0873 5764 avipbb (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
20:13:02.0876 5764 avipbb - ok
20:13:02.0899 5764 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:13:02.0901 5764 avkmgr - ok
20:13:03.0032 5764 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:13:03.0034 5764 Beep - ok
20:13:03.0092 5764 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:13:03.0094 5764 blbdrive - ok
20:13:03.0230 5764 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:13:03.0233 5764 bowser - ok
20:13:03.0285 5764 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:13:03.0287 5764 BrFiltLo - ok
20:13:03.0320 5764 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:13:03.0322 5764 BrFiltUp - ok
20:13:03.0406 5764 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:13:03.0409 5764 Brserid - ok
20:13:03.0457 5764 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:13:03.0459 5764 BrSerWdm - ok
20:13:03.0479 5764 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:13:03.0481 5764 BrUsbMdm - ok
20:13:03.0531 5764 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:13:03.0533 5764 BrUsbSer - ok
20:13:03.0592 5764 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:13:03.0594 5764 BTHMODEM - ok
20:13:03.0658 5764 catchme - ok
20:13:03.0735 5764 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:13:03.0738 5764 cdfs - ok
20:13:03.0796 5764 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:13:03.0799 5764 cdrom - ok
20:13:03.0874 5764 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:13:03.0877 5764 circlass - ok
20:13:03.0945 5764 ciuvv - ok
20:13:04.0004 5764 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:13:04.0012 5764 CLFS - ok
20:13:04.0110 5764 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:13:04.0113 5764 CmBatt - ok
20:13:04.0164 5764 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:13:04.0167 5764 cmdide - ok
20:13:04.0191 5764 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:13:04.0194 5764 Compbatt - ok
20:13:04.0287 5764 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:13:04.0290 5764 crcdisk - ok
20:13:04.0333 5764 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:13:04.0336 5764 Crusoe - ok
20:13:04.0408 5764 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:13:04.0412 5764 DfsC - ok
20:13:04.0509 5764 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:13:04.0512 5764 disk - ok
20:13:04.0605 5764 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
20:13:04.0609 5764 Dot4 - ok
20:13:04.0712 5764 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:13:04.0715 5764 Dot4Print - ok
20:13:04.0769 5764 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
20:13:04.0771 5764 dot4usb - ok
20:13:04.0835 5764 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:13:04.0837 5764 drmkaud - ok
20:13:04.0935 5764 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:13:04.0951 5764 DXGKrnl - ok
20:13:05.0040 5764 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:13:05.0045 5764 E1G60 - ok
20:13:05.0120 5764 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:13:05.0125 5764 Ecache - ok
20:13:05.0252 5764 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:13:05.0262 5764 elxstor - ok
20:13:05.0389 5764 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:13:05.0391 5764 ErrDev - ok
20:13:05.0467 5764 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:13:05.0471 5764 exfat - ok
20:13:05.0588 5764 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:13:05.0593 5764 fastfat - ok
20:13:05.0657 5764 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:13:05.0660 5764 fdc - ok
20:13:05.0765 5764 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:13:05.0769 5764 FileInfo - ok
20:13:05.0794 5764 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:13:05.0795 5764 Filetrace - ok
20:13:05.0820 5764 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:13:05.0822 5764 flpydisk - ok
20:13:05.0882 5764 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:13:05.0888 5764 FltMgr - ok
20:13:05.0988 5764 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:13:05.0990 5764 Fs_Rec - ok
20:13:06.0030 5764 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
20:13:06.0032 5764 FwLnk - ok
20:13:06.0062 5764 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:13:06.0065 5764 gagp30kx - ok
20:13:06.0220 5764 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:13:06.0222 5764 GEARAspiWDM - ok
20:13:06.0311 5764 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:13:06.0316 5764 HdAudAddService - ok
20:13:06.0417 5764 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:13:06.0427 5764 HDAudBus - ok
20:13:06.0529 5764 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:13:06.0531 5764 HidBth - ok
20:13:06.0563 5764 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:13:06.0565 5764 HidIr - ok
20:13:06.0606 5764 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:13:06.0608 5764 HidUsb - ok
20:13:06.0659 5764 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:13:06.0661 5764 HpCISSs - ok
20:13:06.0823 5764 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
20:13:06.0835 5764 HTTP - ok
20:13:06.0899 5764 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:13:06.0901 5764 i2omp - ok
20:13:07.0013 5764 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
20:13:07.0017 5764 iaStor - ok
20:13:07.0088 5764 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:13:07.0094 5764 iaStorV - ok
20:13:07.0258 5764 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:13:07.0324 5764 igfx - ok
20:13:07.0429 5764 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:13:07.0432 5764 iirsp - ok
20:13:07.0553 5764 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
20:13:07.0608 5764 IntcAzAudAddService - ok
20:13:07.0723 5764 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:13:07.0725 5764 intelide - ok
20:13:07.0766 5764 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:13:07.0768 5764 intelppm - ok
20:13:07.0808 5764 IO_Memory - ok
20:13:07.0926 5764 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:13:07.0929 5764 IpFilterDriver - ok
20:13:07.0945 5764 IpInIp - ok
20:13:07.0974 5764 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:13:07.0977 5764 IPMIDRV - ok
20:13:08.0002 5764 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:13:08.0006 5764 IPNAT - ok
20:13:08.0040 5764 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:13:08.0042 5764 IRENUM - ok
20:13:08.0132 5764 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:13:08.0135 5764 isapnp - ok
20:13:08.0184 5764 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:13:08.0190 5764 iScsiPrt - ok
20:13:08.0232 5764 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:13:08.0235 5764 iteatapi - ok
20:13:08.0330 5764 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:13:08.0332 5764 iteraid - ok
20:13:08.0407 5764 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
20:13:08.0409 5764 jswpslwf - ok
20:13:08.0435 5764 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:13:08.0438 5764 kbdclass - ok
20:13:08.0549 5764 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
20:13:08.0552 5764 kbdhid - ok
20:13:08.0589 5764 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
20:13:08.0596 5764 KR10I - ok
20:13:08.0634 5764 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
20:13:08.0641 5764 KR10N - ok
20:13:08.0765 5764 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
20:13:08.0776 5764 KSecDD - ok
20:13:08.0884 5764 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:13:08.0888 5764 lltdio - ok
20:13:08.0939 5764 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:13:08.0943 5764 LSI_FC - ok
20:13:08.0970 5764 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:13:08.0974 5764 LSI_SAS - ok
20:13:08.0995 5764 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:13:08.0998 5764 LSI_SCSI - ok
20:13:09.0092 5764 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:13:09.0096 5764 luafv - ok
20:13:09.0144 5764 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:13:09.0147 5764 megasas - ok
20:13:09.0268 5764 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:13:09.0278 5764 MegaSR - ok
20:13:09.0391 5764 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:13:09.0393 5764 Modem - ok
20:13:09.0418 5764 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:13:09.0421 5764 monitor - ok
20:13:09.0443 5764 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:13:09.0446 5764 mouclass - ok
20:13:09.0464 5764 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:13:09.0466 5764 mouhid - ok
20:13:09.0559 5764 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:13:09.0562 5764 MountMgr - ok
20:13:09.0589 5764 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:13:09.0594 5764 mpio - ok
20:13:09.0627 5764 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:13:09.0629 5764 mpsdrv - ok
20:13:09.0731 5764 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:13:09.0734 5764 Mraid35x - ok
20:13:09.0785 5764 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:13:09.0788 5764 MRxDAV - ok
20:13:09.0832 5764 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:13:09.0836 5764 mrxsmb - ok
20:13:09.0947 5764 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:13:09.0954 5764 mrxsmb10 - ok
20:13:09.0991 5764 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:13:09.0995 5764 mrxsmb20 - ok
20:13:10.0030 5764 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
20:13:10.0033 5764 msahci - ok
20:13:10.0127 5764 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:13:10.0149 5764 msdsm - ok
20:13:10.0188 5764 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:13:10.0191 5764 Msfs - ok
20:13:10.0303 5764 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:13:10.0305 5764 msisadrv - ok
20:13:10.0363 5764 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:13:10.0366 5764 MSKSSRV - ok
20:13:10.0382 5764 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:13:10.0384 5764 MSPCLOCK - ok
20:13:10.0408 5764 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:13:10.0409 5764 MSPQM - ok
20:13:10.0532 5764 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:13:10.0537 5764 MsRPC - ok
20:13:10.0581 5764 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:13:10.0583 5764 mssmbios - ok
20:13:10.0642 5764 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:13:10.0644 5764 MSTEE - ok
20:13:10.0767 5764 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:13:10.0770 5764 Mup - ok
20:13:10.0838 5764 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:13:10.0843 5764 NativeWifiP - ok
20:13:10.0962 5764 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:13:10.0976 5764 NDIS - ok
20:13:11.0056 5764 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:13:11.0059 5764 NdisTapi - ok
20:13:11.0134 5764 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:13:11.0136 5764 Ndisuio - ok
20:13:11.0221 5764 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:13:11.0225 5764 NdisWan - ok
20:13:11.0250 5764 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:13:11.0253 5764 NDProxy - ok
20:13:11.0341 5764 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:13:11.0343 5764 NetBIOS - ok
20:13:11.0428 5764 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:13:11.0433 5764 netbt - ok
20:13:11.0487 5764 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:13:11.0490 5764 nfrd960 - ok
20:13:11.0587 5764 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:13:11.0589 5764 Npfs - ok
20:13:11.0656 5764 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:13:11.0659 5764 nsiproxy - ok
20:13:11.0756 5764 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:13:11.0782 5764 Ntfs - ok
20:13:11.0884 5764 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:13:11.0886 5764 ntrigdigi - ok
20:13:11.0934 5764 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
20:13:11.0936 5764 NuidFltr - ok
20:13:11.0964 5764 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:13:11.0966 5764 Null - ok
20:13:12.0065 5764 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:13:12.0069 5764 nvraid - ok
20:13:12.0098 5764 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:13:12.0101 5764 nvstor - ok
20:13:12.0158 5764 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:13:12.0162 5764 nv_agp - ok
20:13:12.0176 5764 NwlnkFlt - ok
20:13:12.0194 5764 NwlnkFwd - ok
20:13:12.0330 5764 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
20:13:12.0333 5764 ohci1394 - ok
20:13:12.0390 5764 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:13:12.0394 5764 Parport - ok
20:13:12.0448 5764 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:13:12.0451 5764 partmgr - ok
20:13:12.0546 5764 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:13:12.0548 5764 Parvdm - ok
20:13:12.0596 5764 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:13:12.0602 5764 pci - ok
20:13:12.0630 5764 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
20:13:12.0640 5764 pciide - ok
20:13:12.0736 5764 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:13:12.0742 5764 pcmcia - ok
20:13:12.0800 5764 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:13:12.0822 5764 PEAUTH - ok
20:13:12.0965 5764 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:13:12.0968 5764 PptpMiniport - ok
20:13:12.0994 5764 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:13:12.0997 5764 Processor - ok
20:13:13.0061 5764 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:13:13.0064 5764 PSched - ok
20:13:13.0090 5764 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
20:13:13.0093 5764 PxHelp20 - ok
20:13:13.0247 5764 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:13:13.0274 5764 ql2300 - ok
20:13:13.0375 5764 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:13:13.0380 5764 ql40xx - ok
20:13:13.0418 5764 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:13:13.0420 5764 QWAVEdrv - ok
20:13:13.0447 5764 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:13:13.0449 5764 RasAcd - ok
20:13:13.0480 5764 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:13:13.0484 5764 Rasl2tp - ok
20:13:13.0594 5764 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:13:13.0597 5764 RasPppoe - ok
20:13:13.0659 5764 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:13:13.0663 5764 RasSstp - ok
20:13:13.0730 5764 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:13:13.0737 5764 rdbss - ok
20:13:13.0832 5764 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:13:13.0834 5764 RDPCDD - ok
20:13:13.0876 5764 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:13:13.0884 5764 rdpdr - ok
20:13:13.0991 5764 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:13:13.0993 5764 RDPENCDD - ok
20:13:14.0054 5764 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:13:14.0060 5764 RDPWD - ok
20:13:14.0188 5764 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
20:13:14.0191 5764 RimUsb - ok
20:13:14.0246 5764 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:13:14.0250 5764 rspndr - ok
20:13:14.0355 5764 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:13:14.0360 5764 RTL8169 - ok
20:13:14.0405 5764 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
20:13:14.0408 5764 RTSTOR - ok
20:13:14.0441 5764 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:13:14.0444 5764 sbp2port - ok
20:13:14.0549 5764 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:13:14.0552 5764 secdrv - ok
20:13:14.0603 5764 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:13:14.0606 5764 Serenum - ok
20:13:14.0639 5764 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:13:14.0643 5764 Serial - ok
20:13:14.0719 5764 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:13:14.0722 5764 sermouse - ok
20:13:14.0772 5764 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:13:14.0775 5764 sffdisk - ok
20:13:14.0804 5764 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:13:14.0806 5764 sffp_mmc - ok
20:13:14.0830 5764 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:13:14.0833 5764 sffp_sd - ok
20:13:14.0924 5764 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:13:14.0926 5764 sfloppy - ok
20:13:14.0978 5764 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:13:14.0980 5764 sisagp - ok
20:13:15.0006 5764 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:13:15.0009 5764 SiSRaid2 - ok
20:13:15.0034 5764 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:13:15.0037 5764 SiSRaid4 - ok
20:13:15.0168 5764 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:13:15.0172 5764 Smb - ok
20:13:15.0225 5764 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:13:15.0227 5764 spldr - ok
20:13:15.0280 5764 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:13:15.0289 5764 srv - ok
20:13:15.0387 5764 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:13:15.0392 5764 srv2 - ok
20:13:15.0420 5764 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:13:15.0424 5764 srvnet - ok
20:13:15.0474 5764 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:13:15.0475 5764 ssmdrv - ok
20:13:15.0585 5764 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
20:13:15.0587 5764 SVRPEDRV - ok
20:13:15.0674 5764 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:13:15.0677 5764 swenum - ok
20:13:15.0746 5764 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:13:15.0749 5764 Symc8xx - ok
20:13:15.0796 5764 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:13:15.0798 5764 Sym_hi - ok
20:13:15.0825 5764 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:13:15.0828 5764 Sym_u3 - ok
20:13:15.0907 5764 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
20:13:15.0914 5764 SynTP - ok
20:13:16.0018 5764 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:13:16.0040 5764 Tcpip - ok
20:13:16.0184 5764 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:13:16.0196 5764 Tcpip6 - ok
20:13:16.0317 5764 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:13:16.0320 5764 tcpipreg - ok
20:13:16.0373 5764 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:13:16.0375 5764 tdcmdpst - ok
20:13:16.0414 5764 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:13:16.0417 5764 TDPIPE - ok
20:13:16.0510 5764 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:13:16.0513 5764 TDTCP - ok
20:13:16.0560 5764 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
20:13:16.0564 5764 tdx - ok
20:13:16.0600 5764 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:13:16.0603 5764 TermDD - ok
20:13:16.0789 5764 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
20:13:16.0797 5764 tos_sps32 - ok
20:13:16.0914 5764 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:13:16.0916 5764 tssecsrv - ok
20:13:16.0943 5764 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:13:16.0945 5764 tunmp - ok
20:13:17.0014 5764 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:13:17.0016 5764 tunnel - ok
20:13:17.0058 5764 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:13:17.0061 5764 TVALZ - ok
20:13:17.0169 5764 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:13:17.0172 5764 uagp35 - ok
20:13:17.0256 5764 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:13:17.0263 5764 udfs - ok
20:13:17.0389 5764 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:13:17.0393 5764 uliagpkx - ok
20:13:17.0442 5764 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:13:17.0449 5764 uliahci - ok
20:13:17.0540 5764 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:13:17.0543 5764 UlSata - ok
20:13:17.0582 5764 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:13:17.0587 5764 ulsata2 - ok
20:13:17.0621 5764 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:13:17.0637 5764 umbus - ok
20:13:17.0735 5764 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
20:13:17.0738 5764 USBAAPL - ok
20:13:17.0784 5764 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:13:17.0788 5764 usbccgp - ok
20:13:17.0818 5764 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:13:17.0822 5764 usbcir - ok
20:13:17.0913 5764 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:13:17.0916 5764 usbehci - ok
20:13:17.0963 5764 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:13:17.0969 5764 usbhub - ok
20:13:18.0006 5764 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:13:18.0008 5764 usbohci - ok
20:13:18.0064 5764 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:13:18.0066 5764 usbprint - ok
20:13:18.0187 5764 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:13:18.0190 5764 usbscan - ok
20:13:18.0255 5764 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:13:18.0258 5764 USBSTOR - ok
20:13:18.0350 5764 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:13:18.0353 5764 usbuhci - ok
20:13:18.0407 5764 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:13:18.0412 5764 usbvideo - ok
20:13:18.0451 5764 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:13:18.0454 5764 vga - ok
20:13:18.0491 5764 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:13:18.0493 5764 VgaSave - ok
20:13:18.0570 5764 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:13:18.0574 5764 viaagp - ok
20:13:18.0615 5764 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:13:18.0618 5764 ViaC7 - ok
20:13:18.0658 5764 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:13:18.0661 5764 viaide - ok
20:13:18.0751 5764 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:13:18.0754 5764 volmgr - ok
20:13:18.0829 5764 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:13:18.0837 5764 volmgrx - ok
20:13:18.0923 5764 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:13:18.0930 5764 volsnap - ok
20:13:18.0990 5764 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:13:18.0996 5764 vsmraid - ok
20:13:19.0097 5764 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:13:19.0099 5764 WacomPen - ok
20:13:19.0147 5764 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:13:19.0150 5764 Wanarp - ok
20:13:19.0157 5764 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:13:19.0162 5764 Wanarpv6 - ok
20:13:19.0195 5764 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:13:19.0198 5764 Wd - ok
20:13:19.0235 5764 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:13:19.0248 5764 Wdf01000 - ok
20:13:19.0418 5764 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
20:13:19.0420 5764 WmiAcpi - ok
20:13:19.0484 5764 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:13:19.0486 5764 WpdUsb - ok
20:13:19.0588 5764 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:13:19.0589 5764 ws2ifsl - ok
20:13:19.0628 5764 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:13:19.0639 5764 WUDFRd - ok
20:13:19.0674 5764 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:13:19.0723 5764 \Device\Harddisk0\DR0 - ok
20:13:19.0728 5764 Boot (0x1200) (a8c49a574ade113eef46fb98d0d2ffb5) \Device\Harddisk0\DR0\Partition0
20:13:19.0732 5764 \Device\Harddisk0\DR0\Partition0 - ok
20:13:19.0732 5764 ============================================================
20:13:19.0732 5764 Scan finished
20:13:19.0732 5764 ============================================================
20:13:19.0751 5740 Detected object count: 0
20:13:19.0751 5740 Actual detected object count: 0
20:13:46.0758 5644 Deinitialize success

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: HELP....Once again

Post by Belahzur on Tue 31 Jan 2012, 12:25 pm

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HELP....Once again

Post by JonEJet on Tue 31 Jan 2012, 1:05 pm

ComboFix 12-01-30.02 - Owner 01/30/2012 20:49:12.4.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1861 [GMT -5:00]
Running from: c:\users\Owner\Downloads\commy.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Trend Micro AntiVirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Trend Micro AntiVirus *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 02:00 . 2012-01-31 02:00 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-01-31 02:00 . 2012-01-31 02:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-31 02:00 . 2012-01-31 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-27 15:05 . 2012-01-27 15:05 -------- d-----w- c:\users\Owner\AppData\Roaming\WinBatch
2012-01-27 12:53 . 2008-01-21 02:32 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-27 05:36 . 2012-01-27 05:36 -------- d-----w- c:\users\Owner\AppData\Local\DownloadManager
2012-01-27 05:36 . 2012-01-27 05:36 -------- d-----w- c:\program files\Download Manager
2012-01-11 00:23 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 00:23 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 00:23 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 00:23 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 00:23 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 00:23 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 00:23 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 00:23 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-03 00:45 . 2012-01-03 00:45 -------- d-----w- c:\users\Owner\AppData\Roaming\Avira
2012-01-03 00:44 . 2012-01-04 00:46 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-03 00:44 . 2011-09-16 04:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-03 00:44 . 2011-09-16 04:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-03 00:44 . 2012-01-03 00:44 -------- d-----w- c:\program files\Avira
2012-01-03 00:27 . 2008-01-21 02:34 71680 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-01-01 20:20 . 2012-01-01 20:20 -------- d-----w- c:\windows\Sun
2012-01-01 20:19 . 2012-01-01 20:19 -------- d-----w- c:\program files\Conduit
2012-01-01 20:19 . 2012-01-02 19:45 -------- d-----w- c:\users\Owner\AppData\Local\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-27 04:15 . 2011-12-27 04:15 161792 ----a-w- c:\windows\system32\msls31.dll
2011-12-27 04:15 . 2011-12-27 04:15 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-27 04:15 . 2011-12-27 04:15 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-27 04:15 . 2011-12-27 04:15 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-27 04:15 . 2011-12-27 04:15 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-27 04:15 . 2011-12-27 04:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-27 04:15 . 2011-12-27 04:15 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-12-27 04:15 . 2011-12-27 04:15 367104 ----a-w- c:\windows\system32\html.iec
2011-12-27 04:15 . 2011-12-27 04:15 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-12-27 04:15 . 2011-12-27 04:15 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-27 04:15 . 2011-12-27 04:15 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-27 04:15 . 2011-12-27 04:15 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-12-27 04:15 . 2011-12-27 04:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-27 04:15 . 2011-12-27 04:15 152064 ----a-w- c:\windows\system32\wextract.exe
2011-12-27 04:15 . 2011-12-27 04:15 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-12-27 04:15 . 2011-12-27 04:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-27 04:15 . 2011-12-27 04:15 11776 ----a-w- c:\windows\system32\mshta.exe
2011-12-27 04:15 . 2011-12-27 04:15 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-12-27 04:15 . 2011-12-27 04:15 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-12-27 04:15 . 2011-12-27 04:15 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-27 04:15 . 2011-12-27 04:15 101888 ----a-w- c:\windows\system32\admparse.dll
2011-12-10 20:24 . 2011-05-31 18:11 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:37 . 2011-12-14 22:38 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-12-27 17:15 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{803FDDBA-4A2C-4396-9525-FA32DA2BF1F0}\mpengine.dll
2011-11-08 14:42 . 2011-12-14 22:38 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]
2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DownloadManager"="c:\program files\Download Manager\DownloadManager.exe" [2012-01-27 612352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-05-09 19:49 716800 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\951738463]
2008-07-22 23:02 87536 ----a-w- c:\program files\Toshiba Registration\Registration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-09-30 19:33 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 01:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 23:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-06-02 21:26 505720 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-02-06 21:52 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-234329832-1625283619-1638487238-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:18]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4mrjzkb9.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Download Manager: [You must be registered and logged in to see this link.] - %profile%\extensions\downloadmanager@wisedownloads.com
FF - Ext: Facemoods: [You must be registered and logged in to see this link.] - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-01-30 21:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.tdx]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-01-30 21:02:27
ComboFix-quarantined-files.txt 2012-01-31 02:02
ComboFix2.txt 2012-01-27 13:28
ComboFix3.txt 2012-01-27 13:03
ComboFix4.txt 2012-01-03 00:35
ComboFix5.txt 2012-01-31 01:43
.
Pre-Run: 169,150,136,320 bytes free
Post-Run: 168,730,099,712 bytes free
.
- - End Of File - - 437E6576A195B78A8A6DB2FFDE2F8C3C

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: HELP....Once again

Post by JonEJet on Wed 01 Feb 2012, 2:33 am

Keyboard still doesn't respond

That seems to be my only hurdle.

Thanks

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: HELP....Once again

Post by Belahzur on Sat 11 Feb 2012, 10:56 am

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HELP....Once again

Post by JonEJet on Sat 11 Feb 2012, 11:22 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a2225434a35c77479a3612dd4558e624
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-10 02:10:46
# local_time=2012-02-09 09:10:46 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 3200536 3200536 0 0
# compatibility_mode=5892 16776574 66 100 2910706 165442389 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=193078
# found=14
# cleaned=14
# scan_time=5029
C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1a20b02e-3fa92e50 Java/Exploit.Blacole trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Downloads\cnet2_ComboFix_exe(2).exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Downloads\cnet2_ComboFix_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Downloads\OOo_Setup_Win_32_en(2).exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Downloads\OOo_Setup_Win_32_en.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Downloads\SoftonicDownloader_for_kaspersky-tdsskiller(2)(1).exe Win32/SoftonicDownloader.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Downloads\SoftonicDownloader_for_kaspersky-tdsskiller(3)(1).exe Win32/SoftonicDownloader.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Downloads\SoftonicDownloader_for_kaspersky-tdsskiller(4)(1).exe Win32/SoftonicDownloader.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\ie3sh.exe.vir probably a variant of Win32/BHO.OCS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\SGPSA\ie3sh.exe.vir probably a variant of Win32/BHO.OCS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4mrjzkb9.default\extensions\{2f939e2f-e5e7-495f-af08-7361e22d9fb6}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4mrjzkb9.default\extensions\{72c4d92a-d9cd-4b9c-baf7-0889ce822ab3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: HELP....Once again

Post by JonEJet on Sat 11 Feb 2012, 11:23 am

Thanks for your reply

Still have no use of the keyboard...ugh

Says
There is a problem with the driver Unknown device

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: HELP....Once again

Post by JonEJet on Tue 21 Feb 2012, 12:52 pm

I'm dying over here...any help would be greatly appreciated.

Thanks

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: HELP....Once again

Post by Sponsored content Today at 9:48 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum