mpsinger
SVCHOST.EXE trying to connect to malicious sites
mpsinger replied to mpsinger's topic in Resolved Malware Removal Logs
Great, everything appears to be back to normal. I'll post again if any issues crop up, but for now, thanks a lot for your help!
SVCHOST.EXE trying to connect to malicious sites
mpsinger replied to mpsinger's topic in Resolved Malware Removal Logs
Hello: So I ran the TDSSKiller and it found some malware: Rootkit.Boot.Pihar.a. The log is below. I also downloaded Blue Screen View, however when I click on the program a window pops up but no scans occur. I did try putting the laptop into hibernation and starting it up again and it started fine, so I'm wondering if curing the rootkit took care of that. It's only been a few minutes since running TDSSKiller and so far no reports of svchost.exe trying to connect to any malicious sites. Here's the TDSSKiller log:
SVCHOST.EXE trying to connect to malicious sites
mpsinger replied to mpsinger's topic in Resolved Malware Removal Logs
OK, I ran everything but the problems still remain -- svchost.exe is still trying to connect to malicious sites which AVG keeps blocking, and CPU usage ramps up to 100% a few minutes after restarting the computer. Also, I've noticed that whenever I hibernate my laptop, I get blue-screened when I try to turn it back on. Here are the logs you requested, starting with the new Combofix:
I appreciate your help with this. Please let me know what to do next. Combofix log2.txt ESET log.txt Security Check checkup.txt -
SVCHOST.EXE trying to connect to malicious sites
mpsinger replied to mpsinger's topic in Resolved Malware Removal Logs
Hey there. Ran Combofix, here's the log:

ComboFix 11-09-30.05 - Matt 09/30/2011 17:06:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1376 [GMT -7:00]
Running from: c:\users\Matt\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Bing Toolbar\tbHElper.dll
c:\program files\StartNow Toolbar\ToOLbar32.dll
c:\programdata\vlc-1.1.5-win32.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
Completion time: 2011-09-30 17:41:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-01 00:41
.
Pre-Run: 176,151,060,480 bytes free
Post-Run: 175,927,291,904 bytes free
.
- - End Of File - - A3DE28D5D07D122612790F99806FA388
log.txt
-
SVCHOST.EXE trying to connect to malicious sites
mpsinger replied to mpsinger's topic in Resolved Malware Removal Logs
BUMP -
SVCHOST.EXE trying to connect to malicious sites
mpsinger replied to mpsinger's topic in Resolved Malware Removal Logs
Thank you for the response. Here are the logs you requested:

MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7745

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

9/18/2011 7:49:39 PM
mbam-log-2011-09-18 (19-49-39).txt

Scan type: Quick scan
Objects scanned: 171022
Time elapsed: 25 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_______

DDS.txt

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_26
Run by Matt at 20:10:48 on 2011-09-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1252 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464] R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 47968] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248] R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-8-19 2399560] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-18 366152] R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 67904] R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-18 993848] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-18 399416] R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392] R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976] R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-9-18 246600] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720] R3 FwLnk;FwLnk 
Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-18 22216] R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544] R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664] S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-20 9216] S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-7-18 1025352] S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488] . =============== Created Last 30 ================ . 
2011-09-19 02:18:31 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE 2011-09-19 02:01:57 -------- d-----w- c:\program files\common files\AVG Secure Search 2011-09-19 02:01:56 -------- d-----w- c:\program files\AVG Secure Search 2011-09-19 01:58:15 -------- d-----w- c:\users\matt\appdata\roaming\AVG2012 2011-09-19 01:53:48 -------- d-----w- c:\programdata\AVG2012 2011-09-17 01:45:05 388096 ----a-r- c:\users\matt\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-09-17 01:04:19 -------- d-----w- c:\users\matt\appdata\roaming\OpenOffice.org 2011-09-17 00:51:47 -------- d-----w- c:\program files\OpenOffice.org 3 2011-09-17 00:18:40 -------- d-----w- c:\users\matt\appdata\local\WindowsUpdate 2011-09-16 23:53:58 -------- d-----w- c:\users\matt\appdata\local\Secunia PSI 2011-09-16 23:53:50 -------- d-----w- c:\program files\Secunia 2011-09-16 22:53:09 -------- d-----w- c:\windows\system32\eu-ES 2011-09-16 22:53:09 -------- d-----w- c:\windows\system32\ca-ES 2011-09-16 22:53:08 -------- d-----w- c:\windows\system32\vi-VN 2011-09-16 22:45:56 -------- d-----w- c:\windows\system32\SPReview 2011-09-16 22:15:45 928768 ----a-w- c:\windows\system32\scavenge.dll 2011-09-16 22:15:34 57856 ----a-w- c:\windows\system32\compcln.exe 2011-09-16 22:08:59 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll 2011-09-16 22:01:37 -------- d-----w- c:\windows\system32\EventProviders 2011-09-16 21:21:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-09-16 21:21:37 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-09-16 18:49:47 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin 2011-09-16 00:37:22 7680 ----a-w- c:\program files\internet explorer\iecompat.dll 2011-09-15 23:09:15 41984 ----a-w- c:\windows\system32\netfxperf.dll 2011-09-15 23:04:06 24064 ----a-w- c:\windows\system32\nshhttp.dll 2011-09-15 23:04:04 411648 ----a-w- c:\windows\system32\drivers\http.sys 2011-09-15 
23:04:04 30720 ----a-w- c:\windows\system32\httpapi.dll 2011-09-15 22:55:26 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-09-15 22:55:25 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-09-15 22:55:24 1205080 ----a-w- c:\windows\system32\ntdll.dll 2011-09-15 22:55:17 1696256 ----a-w- c:\windows\system32\gameux.dll 2011-09-15 22:54:31 105984 ----a-w- c:\windows\system32\netiohlp.dll 2011-09-15 22:54:30 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2011-09-15 22:54:30 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2011-09-15 22:54:30 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2011-09-15 22:54:30 19968 ----a-w- c:\windows\system32\ARP.EXE 2011-09-15 22:54:30 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2011-09-15 22:54:30 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2011-09-15 22:54:30 10240 ----a-w- c:\windows\system32\finger.exe 2011-09-15 22:54:29 17920 ----a-w- c:\windows\system32\netevent.dll 2011-09-15 22:52:59 7680 ----a-w- c:\windows\system32\spwmp.dll 2011-09-15 22:51:57 1616384 ----a-w- c:\program files\windows mail\msoe.dll 2011-09-15 22:50:58 714240 ----a-w- c:\windows\system32\timedate.cpl 2011-09-15 22:41:08 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2011-09-15 22:41:03 43520 ----a-w- c:\windows\system32\msdxm.tlb 2011-09-15 22:41:03 18432 ----a-w- c:\windows\system32\amcompat.tlb 2011-09-15 22:33:41 601600 ----a-w- c:\windows\system32\schedsvc.dll 2011-09-15 22:33:40 352768 ----a-w- c:\windows\system32\taskschd.dll 2011-09-15 22:33:40 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll 2011-09-15 22:33:40 270336 ----a-w- c:\windows\system32\taskcomp.dll 2011-09-15 22:33:40 171520 ----a-w- c:\windows\system32\taskeng.exe 2011-09-15 22:33:25 49152 ----a-w- c:\windows\system32\csrsrv.dll 2011-09-15 22:33:25 375808 ----a-w- c:\windows\system32\winsrv.dll 2011-09-15 22:33:06 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe 2011-09-15 22:33:05 310784 ----a-w- c:\windows\system32\unregmp2.exe 2011-09-15 22:31:56 2048 
----a-w- c:\windows\system32\tzres.dll 2011-09-15 22:31:22 531968 ----a-w- c:\windows\system32\comctl32.dll 2011-09-15 22:31:16 1248768 ----a-w- c:\windows\system32\msxml3.dll 2011-09-15 22:31:12 243712 ----a-w- c:\windows\system32\rastls.dll 2011-09-15 22:31:05 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-15 22:30:59 60928 ----a-w- c:\windows\system32\msasn1.dll 2011-09-15 22:30:58 98304 ----a-w- c:\windows\system32\cabview.dll 2011-09-15 22:30:56 276992 ----a-w- c:\windows\system32\schannel.dll 2011-09-15 22:30:35 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2011-09-03 01:58:57 -------- d-----w- c:\program files\iPod 2011-09-03 01:50:43 -------- d-----w- c:\program files\Bonjour 2011-09-03 01:16:48 -------- d-----w- c:\windows\pss 2011-09-03 00:18:06 -------- d-----w- c:\program files\Free Window Registry Repair 2011-09-03 00:12:56 -------- d-----w- c:\program files\StartNow Toolbar 2011-08-30 20:33:42 95672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll . ==================== Find3M ==================== . 
2011-09-17 00:14:25 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 18:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll 2011-07-12 18:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll 2011-07-11 08:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2011-07-11 08:14:02 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys 2011-07-11 08:14:02 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys 2011-07-11 08:14:00 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys 2011-07-11 08:13:58 134736 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys 2011-07-11 08:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2011-07-11 08:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts . ============= FINISH: 20:12:30.01 =============== -
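The question behind this thread is which of the services hosted inside a given svchost.exe instance is the one opening the connections AVG keeps blocking. On Vista the two built-in commands that answer it are `netstat -ano` (owning PID per socket; run from an elevated prompt) and `tasklist /svc` (services hosted per PID). The script below is an added example, not part of this thread and not from any tool mentioned in it: it correlates the two outputs and marks rows where the svchost instance hosts more than one service, because in that case the PID alone does not identify the culprit. The two sample outputs embedded in it are constructed (RFC 5737 documentation addresses), not the user's real connections.

```python
import re

# Constructed sample in the layout of `netstat -ano` on Vista (not the thread's
# real connections; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.5:49322      203.0.113.25:80        ESTABLISHED     1044
  TCP    192.168.1.5:49330      198.51.100.7:443       ESTABLISHED     3100
  TCP    127.0.0.1:49160        127.0.0.1:49161        ESTABLISHED     1044
  UDP    0.0.0.0:3702           *:*                                    1196
"""

# Constructed sample in the layout of `tasklist /svc`.
TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    812 RpcSs
svchost.exe                   1044 BITS,EventSystem,ProfSvc,Schedule,wuauserv
svchost.exe                   1196 FDResPub,SSDPSRV
firefox.exe                   3100 N/A
"""

# UDP rows carry no State column, hence the optional group before the PID.
NETSTAT_RE = re.compile(r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)"
                        r"\s+(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$")
# Image names may contain spaces ("System Idle Process"), so match lazily up to the PID.
TASKLIST_RE = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+(?P<services>\S.*?)\s*$")


def parse_tasklist(text):
    """Map PID -> (image name, [hosted services]) from `tasklist /svc` output."""
    procs = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if not m:                      # header and ===== separator lines
            continue
        svcs = [] if m.group("services") == "N/A" else m.group("services").split(",")
        procs[int(m.group("pid"))] = (m.group("image").strip(), svcs)
    return procs


def is_external(remote):
    """True for a foreign address that is neither unbound nor loopback."""
    host = remote.rsplit(":", 1)[0]
    return host not in ("*", "0.0.0.0", "127.0.0.1", "[::]", "[::1]")


def svchost_connections(netstat_text, tasklist_text, image="svchost.exe"):
    """External sockets owned by `image` processes, joined to the services they host.

    A row is 'ambiguous' when the process hosts more than one service: the PID
    then cannot say which service opened the socket."""
    procs = parse_tasklist(tasklist_text)
    rows = []
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m or not is_external(m.group("remote")):
            continue
        pid = int(m.group("pid"))
        name, svcs = procs.get(pid, ("<unknown>", []))
        if name.lower() != image:
            continue
        rows.append({"pid": pid, "proto": m.group("proto"), "remote": m.group("remote"),
                     "state": m.group("state") or "", "services": svcs,
                     "ambiguous": len(svcs) > 1})
    return rows


if __name__ == "__main__":
    for row in svchost_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        flag = "AMBIGUOUS (several services share this PID)" if row["ambiguous"] else ""
        print(f'PID {row["pid"]} {row["proto"]} -> {row["remote"]} {row["state"]} '
              f'services={",".join(row["services"])} {flag}')
```

On the affected machine, capture the real output (`netstat -ano > net.txt`, `tasklist /svc > tl.txt`) and pass those strings instead of the samples. When a row is marked ambiguous, the usual next step is to move the suspect service into its own process (`sc config <ServiceName> type= own`, note the space after `type=`, then restart the service) and repeat the capture, so that the PID maps to exactly one service.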
Hello,

First of all, let me preface this by saying I'm not the most computer savvy person, so please bear with me. I have a three-year-old Toshiba Satellite laptop running Windows Vista Service Pack 2; I use the free versions of Malwarebytes and AVG. For the past few weeks, svchost.exe has been attempting to access malicious sites a few times per day, even when I don't have a browser open. AVG blocks them, though I do occasionally find and quarantine a few infected files per day since this started. Also, svchost.exe has been spiking my CPU usage to 100%, where it stays until I reboot. About two months ago, I clicked on something I shouldn't have and accidentally downloaded one of those fake antivirus programs, which I promptly removed. A couple weeks later, this trend started happening. Not sure if they're related. As you'll see, I have a few file sharing programs on my computer, but I hadn't used any of them directly before or since this issue came up. Previous to this, I've never had to deal with anything involving viruses, so I'm wondering what's going on. I know a few other people have reported similar problems on this forum, so I was hoping you could help me out and walk me through how to fix this. I don't really know what the protocol is here for a first post, but I recently downloaded HiJackThis and did a scan.
Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:47:12 PM, on 9/16/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Bing Toolbar\tbhelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Bing Toolbar\tbcore3.dll
O3 - Toolbar: Bing Toolbar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\Bing Toolbar\tbcore3.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10468 bytes

Any help would be greatly appreciated. Thanks!
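A HijackThis log is a flat list of `Rn`/`On` entries, so the first pass a helper normally does by eye can be scripted. The script below is an added example; it is not from this thread, from HijackThis or from Malwarebytes. It groups entries by section, lists the proxy setting, the downloaded ActiveX controls (O16) and every Run entry whose command is a bare file name (such as `[RtHDVCpl] RtHDVCpl.exe` in the log above), because such an entry is resolved through the process search path at launch rather than from an absolute location, and it flags any image that loads from outside C:\Windows or C:\Program Files. The sample lines are copied from the posted log except for the one marked `constructed`, which is not from the log and exists only to exercise the path check; the trusted-directory list assumes the system drive is C:.

```python
import json
import re
from collections import Counter

# Sample lines copied from the posted HijackThis log, plus ONE constructed line
# (marked 'constructed') that is NOT from the log and only exercises the path check.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKCU\..\Run: [universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden
O4 - HKCU\..\Run: [constructed] C:\Users\matt\AppData\Local\Temp\constructed.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
--
End of file - 10468 bytes
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# Run-key entries: 'HKLM\..\Run: [name] command' or 'HKUS\S-1-5-19\..\Run: [name] command'
RUN_RE = re.compile(r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Executable part of a command line: a quoted path, or everything up to the first '.exe'
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>\S.*?\.exe)\b', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: the system drive is C:, so legitimate images live under these roots.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def run_image(cmd):
    """Return the executable named by a Run-key command line."""
    m = EXE_RE.match(cmd.strip())
    if m:
        return m.group("q") or m.group("u")
    parts = cmd.strip().split()
    return parts[0] if parts else ""


def normalise(path):
    p = path.strip().strip('"').lower()
    return p.replace("%programfiles%", "c:\\program files").replace("%systemroot%", "c:\\windows")


def is_bare_name(exe):
    """A file name with no directory component: located via the search path at launch."""
    return bool(exe) and "\\" not in exe and ":" not in exe


def in_trusted_dir(path):
    return normalise(path).startswith(TRUSTED_PREFIXES)


def triage(log_text):
    """Group a HijackThis log by section and collect the items worth a second look."""
    counts = Counter()
    report = {"bare_run_commands": [], "outside_trusted_dirs": [],
              "proxy_settings": [], "activex_downloads": []}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        counts[sec] += 1
        if sec in ("R0", "R1") and "ProxyServer" in body:
            report["proxy_settings"].append(body)
        elif sec == "O4":
            r = RUN_RE.match(body)
            if not r:                     # Startup-folder .lnk entries are not Run keys
                continue
            exe = run_image(r.group("cmd"))
            if is_bare_name(exe):
                report["bare_run_commands"].append((r.group("hive"), r.group("name"), exe))
            elif not in_trusted_dir(exe):
                report["outside_trusted_dirs"].append((sec, r.group("name"), exe))
        elif sec in ("O2", "O3", "O23"):
            label, path = body.split(" - ", 1)[0], body.rsplit(" - ", 1)[-1]
            if path != "(no file)" and not in_trusted_dir(path):
                report["outside_trusted_dirs"].append((sec, label, path))
        elif sec == "O16":
            clsid = CLSID_RE.search(body)
            report["activex_downloads"].append(
                (clsid.group(0) if clsid else "", body.rsplit(" - ", 1)[-1]))
    report["counts"] = dict(counts)
    return report


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Nothing in the output is a verdict: a bare-name Run entry or an image outside the trusted roots is a place to look, and the file there still has to be checked (publisher signature, hash, creation date against the DDS "Created Last 30" list) before anything is removed.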