
A challenge for Malware Bytes Removal team



Hi, new to the Malwarebytes forum.

I have a very persistent hacker who has the ability to make the Norton security team look like fools.

From what I have experienced, this hacker has the ability to bust his way through any router firewall and any type of router.

No matter how many times you reformat or reset machines back to out-of-the-box factory conditions, they get back in and start to steal any new software purchased.

Neither Norton, McAfee nor Malwarebytes has had any impact on the hack.

My suspicion is that it is a binary code hack to the BIOS which I am unable to flash away, and whether it is on the hard drive or in the BIOS itself I am not sure.

But I am sure that no matter what antivirus I use, they just don't pick up what is going on.

The Norton security team found files that shouldn't be on a computer but could find no way of stopping them from coming back.

This is definitely a malicious coder playing havoc with my family's PCs.

I have attached the HijackThis file and noted that the Winsock files are unrecognized.

I guess that's all I should say until someone touches base with this post, simply because the hacker seems to be following everything I say or do on the net, even to the point of changing my login names in forums and on my PC, i.e. my PC name was peter pc and was changed to asky pc just to insult me, I presume. :)

Whatever they are doing, they have certainly thwarted every antivirus and firewall I have tried.

So the challenge is now yours.

Thanks for your help if possible.

hijackthis.log

:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

This is indeed a rare case. It sounds like you could potentially have a BIOS infection, which is very rare.

Removing it will involve several steps. Do you have access to multiple computers? Are they all infected?

What brand of motherboard is in this PC?


Hi, and thanks for the very speedy reply.

The infection is definitely on any computer that touches this network. At the moment I am working on my Toshiba laptop, which is the one that Norton spent 8 hrs on and couldn't get fixed. The Winsock was reset but the problem of odd files just came straight back. I did tell Norton they would need to look at the BIOS and hard drive but they just wouldn't listen.

The laptop is a Toshiba L670 running Win 7 Home Premium, i5 processor and 4 gig of RAM. As to the motherboard, not sure. Would you like me to try the Toshiba site to see if I can get the details there?

I feel sure that it is a BIOS infection. On my other machine that I used to use for photo editing, I found my pictures were not getting uploaded and they were being diverted to somewhere else. When I noticed that Windows Photo Gallery was asking me to convert files to .jxr files, I knew that something was fishy. As far as I know, that particular file is used in Unix servers for image files and I don't use that type normally. I investigated that machine thoroughly with GParted and found a mysterious block on the hard drive that is still immovable. I pulled that hard drive out and started my machine, which started up with startup files for Windows XP... I don't use XP on my machines. So I tried getting a new BIOS flash for the motherboard on that machine, which is a pq5 se/r. When trying the flash, only 3 quarters of the chip gets flashed and the last portion remains blocked. On that particular machine I run Windows 7 Ultimate 64-bit, quad-core 6600, Nvidia 512 PCI Express card. Needless to say, I have stopped using it altogether.


I would like to get at least one machine back out of 4, and I guess I would like my old Asus machine to be up and running cleanly first, as I devote most of my time to charity by way of photography for Australian native animal rescue net sites (which incidentally are suffering hacks as well).

I also upload hundreds of photos to Facebook for the public to enjoy, not just friends but public. I don't copyright my work because I want people with no funds to be able to take and print what they want. That's just my little gift to the less fortunate people in this world.


Should I send snaps of netstat statistics that show established connections that are popping up even when the browser is not in use?

Some lead to Singapore Yahoo mail, so I guess they are reading my mail as well and may well be intercepting and answering mail on my behalf :) That's about how confident I am.


Good morning pgpav2003. :)

Let's start from the beginning.

First, please disconnect this computer from the network. Do not reconnect it at any point until it is clean.

Once you have disconnected it, please do the following:

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Also, please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

=====

In your reply please provide the contents of the following logs:

  • ComboFix.txt.
  • Both MBAR logs.
  • Log from Norton.


Ok, first part of the operation is under way with my Asus machine, but I will be using this laptop as the communication link and will be fixing my old favourite first... (It has the beef I need for my photographic work as well as Windows 8.) Defender is easy to turn off.

Will post as soon as I have followed all you have asked.

Cheers and back soon


Hi, as per request I am attaching the ComboFix logs as well as the MBAM rootkit beta logs.

I did notice that although my machine was fully booted and I had already heard the Windows hello sounds, about a third of the way through the scan that was running the Windows welcome sound scheme activated again, as if the machine had just booted up again.

I am ready and waiting for the next part of the procedure, as I can see that ComboFix has already found some things that the Norton team did not find.

At this point I should also say I have had my Internet provider give me a static IP address so that I can try and track some of the suspicious outgoings from my machines through the NETSTAT command. Some of the ones that I have tracked led me to servers that I had established connections with, but I was unable to access the pages. As mentioned previously, I do a lot of photography, and one of the IP addresses led to cloud print, which leaves me with a deep suspicion that these hackers are stealing my pictures, printing them and selling them for profit.

I guess what they don't understand is I don't mind them using my work, but I do mind them entering my PC and taking it in such a way that no one gets them except them. They could quite easily copy my public pics on FB without taking the full files from my PC (sometimes even before they get to Facebook).

Ok, cheers for now, and I await the next part of the process.

combofix no av running.txt

combofix second run.txt

system-log mbam beta 1.txt


ComboFix 13-01-23.01 - pp 25/01/2013 1:58.2.1 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3059.2310 [GMT 10.5:30]

Running from: c:\users\pp\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-12-24 to 2013-01-24 )))))))))))))))))))))))))))))))

.

.

2013-01-24 15:32 . 2013-01-24 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-24 01:17 . 2013-01-14 16:19 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D6CD006-233C-49F8-B0FF-43196425A552}\mpengine.dll

2013-01-23 21:53 . 2013-01-23 21:53 -------- d---a-w- C:\gpatrted boot fix maybe

2013-01-23 16:42 . 2013-01-23 16:42 -------- d-----w- C:\found.000

2013-01-23 15:40 . 2013-01-23 15:40 -------- d-----w- c:\programdata\TP-LINK

2013-01-22 07:03 . 2013-01-22 07:03 -------- d-----w- c:\programdata\Malwarebytes

2013-01-22 07:03 . 2013-01-23 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-21 12:31 . 2013-01-21 12:35 -------- d-----w- c:\program files\Google

2013-01-21 11:24 . 2013-01-21 11:24 -------- d-----w- c:\programdata\vrq_logs

2013-01-21 10:50 . 2013-01-21 10:50 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup

2013-01-21 10:50 . 2013-01-21 10:50 -------- d-----w- c:\program files\Norton PC Checkup

2013-01-21 10:49 . 2013-01-23 18:06 -------- d-----w- c:\windows\system32\drivers\NIS

2013-01-21 10:49 . 2013-01-23 18:04 -------- d-----w- c:\programdata\Norton

2013-01-21 10:49 . 2013-01-23 18:03 -------- d-----w- c:\program files\Norton Internet Security

2013-01-21 10:49 . 2013-01-23 17:40 -------- d-----w- c:\program files\NortonInstaller

2013-01-21 10:49 . 2013-01-23 18:01 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant

2013-01-21 10:48 . 2013-01-23 18:02 -------- d-----w- c:\program files\Microsoft Small Business

2013-01-21 10:45 . 2013-01-21 10:47 -------- d-----w- c:\program files\Microsoft SQL Server

2013-01-21 10:43 . 2013-01-23 18:02 -------- d-----w- c:\program files\Microsoft Works

2013-01-21 10:42 . 2013-01-23 18:04 -------- d-----w- c:\programdata\Microsoft Help

2013-01-21 10:42 . 2013-01-23 18:00 -------- d-----r- C:\MSOCache

2013-01-21 10:40 . 2013-01-23 18:02 -------- d-----w- c:\program files\MSN Toolbar

2013-01-21 10:40 . 2013-01-23 18:00 -------- d-----w- c:\program files\Bing Bar Installer

2013-01-21 10:35 . 2013-01-21 10:38 -------- d-----w- c:\program files\TOSHIBA Games

2013-01-21 10:35 . 2013-01-21 10:38 -------- d-----w- c:\programdata\WildTangent

2013-01-21 10:31 . 2013-01-21 10:39 -------- d-----w- c:\program files\Microsoft Silverlight

2013-01-21 10:31 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2013-01-21 10:31 . 2013-01-23 18:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2013-01-21 10:30 . 2013-01-21 10:30 -------- d-----w- c:\program files\Microsoft

2013-01-21 10:30 . 2013-01-21 10:30 -------- d-----w- c:\program files\Windows Live SkyDrive

2013-01-21 10:30 . 2013-01-21 10:31 -------- d-----w- c:\program files\Windows Live

2013-01-21 10:30 . 2013-01-21 10:30 -------- d-----w- c:\windows\PCHEALTH

2013-01-21 10:29 . 2013-01-21 10:29 -------- d-----w- c:\program files\Common Files\Windows Live

2013-01-21 10:28 . 2013-01-21 10:28 -------- d-----w- c:\windows\system32\Macromed

2013-01-21 10:27 . 2013-01-21 10:27 -------- d-----w- c:\program files\Common Files\InterVideo

2013-01-21 10:27 . 2013-01-21 10:27 -------- d-----w- c:\program files\Common Files\Protexis

2013-01-21 10:27 . 2013-01-21 10:27 -------- d-----w- c:\programdata\Corel

2013-01-21 10:27 . 2013-01-21 10:27 -------- d-----w- c:\program files\Corel

2013-01-21 10:26 . 2009-07-28 23:43 128344 ----a-w- c:\windows\system32\TODDSrv.exe

2013-01-21 10:24 . 2009-06-23 01:04 24064 ----a-w- c:\windows\system32\drivers\PGEffect.sys

2013-01-21 10:24 . 2013-01-21 10:26 -------- d-----w- c:\programdata\Toshiba

2013-01-21 10:22 . 2013-01-21 10:22 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll

2013-01-21 10:22 . 2013-01-21 10:22 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2013-01-21 10:22 . 2013-01-21 10:22 -------- d-----w- c:\program files\Broadcom

2013-01-21 10:22 . 2013-01-21 10:22 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll

2013-01-21 10:22 . 2013-01-21 10:22 3555328 ----a-w- c:\windows\system32\bcmihvui.dll

2013-01-21 10:22 . 2013-01-21 10:22 2707448 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS

2013-01-21 10:21 . 2013-01-21 10:21 -------- d-----w- c:\program files\CONEXANT

2013-01-21 10:20 . 2013-01-21 10:20 -------- d-----w- c:\windows\system32\sda

2013-01-21 10:20 . 2010-01-07 17:05 182304 ----a-w- c:\windows\system32\drivers\RtsUStor.sys

2013-01-21 10:20 . 2010-01-07 17:05 7367200 ----a-w- c:\windows\system32\RTSUSTORicon.dll

2013-01-21 10:20 . 2010-01-07 17:05 313888 ----a-w- c:\windows\system32\RtsUStor.dll

2013-01-21 10:19 . 2013-01-21 10:19 -------- d-----w- c:\program files\Synaptics

2013-01-21 10:17 . 1999-10-13 02:47 24576 ----a-w- c:\windows\system32\TSCI.dll

2013-01-21 10:17 . 1999-10-13 02:45 24576 ----a-w- c:\windows\system32\THCI.dll

2013-01-21 10:17 . 2010-01-06 08:46 154144 ----a-w- c:\windows\system32\RTInstaller32.exe

2013-01-21 10:16 . 2010-01-12 22:37 257568 ----a-w- c:\windows\system32\drivers\Rt86win7.sys

2013-01-21 10:16 . 2010-01-06 08:39 100896 ----a-w- c:\windows\system32\RTNUninst32.dll

2013-01-21 10:16 . 2009-12-04 01:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll

2013-01-21 10:16 . 2010-03-05 00:44 24576 ----a-w- c:\windows\system32\TSBWLS.dll

2013-01-21 10:16 . 2010-03-05 00:44 45056 ----a-w- c:\windows\system32\HWS_Ctrl.dll

2013-01-21 10:16 . 2013-01-21 10:16 -------- d-----w- c:\windows\system32\Microsoft.VC80.MFC

2013-01-21 10:16 . 2013-01-21 10:18 -------- d-----w- c:\programdata\win7_32

2013-01-21 10:16 . 2013-01-21 10:16 -------- d-----w- c:\programdata\xp

2013-01-21 10:16 . 2013-01-21 10:16 -------- d-----w- c:\programdata\win7_64

2013-01-21 10:16 . 2013-01-21 10:16 -------- d-----w- c:\programdata\vista64

2013-01-21 10:16 . 2013-01-21 10:16 -------- d-----w- c:\programdata\vista32

2013-01-21 10:15 . 2013-01-21 10:26 -------- d-----w- c:\windows\Downloaded Installations

2013-01-21 10:13 . 2013-01-21 10:13 -------- d-----w- c:\programdata\ATI

2013-01-21 10:13 . 2013-01-21 10:13 0 ----a-w- c:\windows\ativpsrm.bin

2013-01-21 10:10 . 2010-01-15 20:06 433176 ----a-w- c:\windows\system32\drivers\iaStor.sys

2013-01-21 10:10 . 2013-01-21 10:10 -------- d-----w- C:\Intel

2013-01-21 10:09 . 2013-01-21 10:09 -------- d-----w- c:\program files\Common Files\postureAgent

2013-01-21 10:09 . 2009-09-17 20:54 41088 ----a-w- c:\windows\system32\drivers\HECI.sys

2013-01-21 10:07 . 2013-01-21 10:10 -------- d-----w- c:\program files\Intel

2013-01-21 10:07 . 2009-11-19 00:03 53248 ----a-w- c:\windows\system32\CSVer.dll

2013-01-21 10:06 . 2013-01-23 17:42 -------- d-----w- C:\TOSHIBA

2013-01-21 09:26 . 2013-01-23 17:59 -------- d-----w- c:\program files\Norton Management

2013-01-21 09:26 . 2013-01-21 09:26 -------- d-----w- c:\windows\system32\drivers\MCLIENT

2013-01-20 18:34 . 2013-01-23 18:11 -------- d-----w- c:\users\pp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-22 8546848]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-03-22 686624]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 742712]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]

"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-20 163840]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-04-06 1328480]

"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-24 611672]

"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1407.0\mswinext.exe" [2010-03-12 243032]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]

"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]

"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]

R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]

S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [x]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe [x]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [x]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://toshiba.msn.com

TCP: DhcpNameServer = 192.168.0.1

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.3.202\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000009

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-25 02:03:41

ComboFix-quarantined-files.txt 2013-01-24 15:33

ComboFix2.txt 2013-01-24 02:24

.

Pre-Run: 607,226,130,432 bytes free

Post-Run: 607,190,212,608 bytes free

.

- - End Of File - - 03E7A7176166B7E7A04AA5D81E77748C


ComboFix 13-01-23.01 - pp 25/01/2013 2:44.3.1 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3059.2328 [GMT 10.5:30]

Running from: c:\users\pp\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-12-24 to 2013-01-24 )))))))))))))))))))))))))))))))

.

.

2013-01-24 16:17 . 2013-01-24 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-24 01:17 . 2013-01-14 16:19 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D6CD006-233C-49F8-B0FF-43196425A552}\mpengine.dll

2013-01-23 21:53 . 2013-01-23 21:53 -------- d---a-w- C:\gpatrted boot fix maybe

2013-01-23 16:42 . 2013-01-23 16:42 -------- d-----w- C:\found.000

2013-01-23 15:40 . 2013-01-23 15:40 -------- d-----w- c:\programdata\TP-LINK

2013-01-22 07:03 . 2013-01-22 07:03 -------- d-----w- c:\programdata\Malwarebytes

2013-01-22 07:03 . 2013-01-23 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-21 12:31 . 2013-01-21 12:35 -------- d-----w- c:\program files\Google

2013-01-21 11:24 . 2013-01-21 11:24 -------- d-----w- c:\programdata\vrq_logs

2013-01-21 10:50 . 2013-01-21 10:50 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup

2013-01-21 10:50 . 2013-01-21 10:50 -------- d-----w- c:\program files\Norton PC Checkup

2013-01-21 10:49 . 2013-01-23 18:06 -------- d-----w- c:\windows\system32\drivers\NIS

2013-01-21 10:49 . 2013-01-23 18:04 -------- d-----w- c:\programdata\Norton

2013-01-21 10:49 . 2013-01-23 18:03 -------- d-----w- c:\program files\Norton Internet Security

2013-01-21 10:49 . 2013-01-23 17:40 -------- d-----w- c:\program files\NortonInstaller

2013-01-21 10:49 . 2013-01-23 18:01 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant

2013-01-21 10:48 . 2013-01-23 18:02 -------- d-----w- c:\program files\Microsoft Small Business

2013-01-21 10:45 . 2013-01-21 10:47 -------- d-----w- c:\program files\Microsoft SQL Server

2013-01-21 10:43 . 2013-01-23 18:02 -------- d-----w- c:\program files\Microsoft Works

2013-01-21 10:42 . 2013-01-23 18:04 -------- d-----w- c:\programdata\Microsoft Help

2013-01-21 10:42 . 2013-01-23 18:00 -------- d-----r- C:\MSOCache

2013-01-21 10:40 . 2013-01-23 18:02 -------- d-----w- c:\program files\MSN Toolbar

2013-01-21 10:40 . 2013-01-23 18:00 -------- d-----w- c:\program files\Bing Bar Installer

2013-01-21 10:35 . 2013-01-21 10:38 -------- d-----w- c:\program files\TOSHIBA Games

2013-01-21 10:35 . 2013-01-21 10:38 -------- d-----w- c:\programdata\WildTangent

2013-01-21 10:31 . 2013-01-21 10:39 -------- d-----w- c:\program files\Microsoft Silverlight

2013-01-21 10:31 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2013-01-21 10:31 . 2013-01-23 18:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2013-01-21 10:30 . 2013-01-21 10:30 -------- d-----w- c:\program files\Microsoft

2013-01-21 10:30 . 2013-01-21 10:30 -------- d-----w- c:\program files\Windows Live SkyDrive

2013-01-21 10:30 . 2013-01-21 10:31 -------- d-----w- c:\program files\Windows Live

2013-01-21 10:30 . 2013-01-21 10:30 -------- d-----w- c:\windows\PCHEALTH

2013-01-21 10:29 . 2013-01-21 10:29 -------- d-----w- c:\program files\Common Files\Windows Live

2013-01-21 10:28 . 2013-01-21 10:28 -------- d-----w- c:\windows\system32\Macromed

2013-01-21 10:27 . 2013-01-21 10:27 -------- d-----w- c:\program files\Common Files\InterVideo

2013-01-21 10:27 . 2013-01-21 10:27 -------- d-----w- c:\program files\Common Files\Protexis

2013-01-21 10:27 . 2013-01-21 10:27 -------- d-----w- c:\programdata\Corel

2013-01-21 10:27 . 2013-01-21 10:27 -------- d-----w- c:\program files\Corel

2013-01-21 10:26 . 2009-07-28 23:43 128344 ----a-w- c:\windows\system32\TODDSrv.exe

2013-01-21 10:24 . 2009-06-23 01:04 24064 ----a-w- c:\windows\system32\drivers\PGEffect.sys

2013-01-21 10:24 . 2013-01-21 10:26 -------- d-----w- c:\programdata\Toshiba

2013-01-21 10:22 . 2013-01-21 10:22 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll

2013-01-21 10:22 . 2013-01-21 10:22 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2013-01-21 10:22 . 2013-01-21 10:22 -------- d-----w- c:\program files\Broadcom

2013-01-21 10:22 . 2013-01-21 10:22 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll

2013-01-21 10:22 . 2013-01-21 10:22 3555328 ----a-w- c:\windows\system32\bcmihvui.dll

2013-01-21 10:22 . 2013-01-21 10:22 2707448 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS

2013-01-21 10:21 . 2013-01-21 10:21 -------- d-----w- c:\program files\CONEXANT

2013-01-21 10:20 . 2013-01-21 10:20 -------- d-----w- c:\windows\system32\sda

2013-01-21 10:20 . 2010-01-07 17:05 182304 ----a-w- c:\windows\system32\drivers\RtsUStor.sys

2013-01-21 10:20 . 2010-01-07 17:05 7367200 ----a-w- c:\windows\system32\RTSUSTORicon.dll

2013-01-21 10:20 . 2010-01-07 17:05 313888 ----a-w- c:\windows\system32\RtsUStor.dll

2013-01-21 10:19 . 2013-01-21 10:19 -------- d-----w- c:\program files\Synaptics

2013-01-21 10:17 . 1999-10-13 02:47 24576 ----a-w- c:\windows\system32\TSCI.dll

2013-01-21 10:17 . 1999-10-13 02:45 24576 ----a-w- c:\windows\system32\THCI.dll

2013-01-21 10:17 . 2010-01-06 08:46 154144 ----a-w- c:\windows\system32\RTInstaller32.exe

2013-01-21 10:16 . 2010-01-12 22:37 257568 ----a-w- c:\windows\system32\drivers\Rt86win7.sys

2013-01-21 10:16 . 2010-01-06 08:39 100896 ----a-w- c:\windows\system32\RTNUninst32.dll

2013-01-21 10:16 . 2009-12-04 01:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll

2013-01-21 10:16 . 2010-03-05 00:44 24576 ----a-w- c:\windows\system32\TSBWLS.dll

2013-01-21 10:16 . 2010-03-05 00:44 45056 ----a-w- c:\windows\system32\HWS_Ctrl.dll

2013-01-21 10:16 . 2013-01-21 10:16 -------- d-----w- c:\windows\system32\Microsoft.VC80.MFC

2013-01-21 10:16 . 2013-01-21 10:18 -------- d-----w- c:\programdata\win7_32

2013-01-21 10:16 . 2013-01-21 10:16 -------- d-----w- c:\programdata\xp

2013-01-21 10:16 . 2013-01-21 10:16 -------- d-----w- c:\programdata\win7_64

2013-01-21 10:16 . 2013-01-21 10:16 -------- d-----w- c:\programdata\vista64

2013-01-21 10:16 . 2013-01-21 10:16 -------- d-----w- c:\programdata\vista32

2013-01-21 10:15 . 2013-01-21 10:26 -------- d-----w- c:\windows\Downloaded Installations

2013-01-21 10:13 . 2013-01-21 10:13 -------- d-----w- c:\programdata\ATI

2013-01-21 10:13 . 2013-01-21 10:13 0 ----a-w- c:\windows\ativpsrm.bin

2013-01-21 10:10 . 2010-01-15 20:06 433176 ----a-w- c:\windows\system32\drivers\iaStor.sys

2013-01-21 10:10 . 2013-01-21 10:10 -------- d-----w- C:\Intel

2013-01-21 10:09 . 2013-01-21 10:09 -------- d-----w- c:\program files\Common Files\postureAgent

2013-01-21 10:09 . 2009-09-17 20:54 41088 ----a-w- c:\windows\system32\drivers\HECI.sys

2013-01-21 10:07 . 2013-01-21 10:10 -------- d-----w- c:\program files\Intel

2013-01-21 10:07 . 2009-11-19 00:03 53248 ----a-w- c:\windows\system32\CSVer.dll

2013-01-21 10:06 . 2013-01-23 17:42 -------- d-----w- C:\TOSHIBA

2013-01-21 09:26 . 2013-01-23 17:59 -------- d-----w- c:\program files\Norton Management

2013-01-21 09:26 . 2013-01-21 09:26 -------- d-----w- c:\windows\system32\drivers\MCLIENT

2013-01-20 18:34 . 2013-01-23 18:11 -------- d-----w- c:\users\pp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-22 8546848]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-03-22 686624]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 742712]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]

"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-20 163840]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-04-06 1328480]

"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-24 611672]

"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1407.0\mswinext.exe" [2010-03-12 243032]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]

"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]

"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Z1"="c:\users\pp\Desktop\mbar\mbar.exe" [2013-01-24 1356360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]

R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]

S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [x]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe [x]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [x]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://toshiba.msn.com

TCP: DhcpNameServer = 192.168.0.1

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.3.202\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000009

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-25 02:49:03

ComboFix-quarantined-files.txt 2013-01-24 16:19

ComboFix2.txt 2013-01-24 15:33

ComboFix3.txt 2013-01-24 02:24

.

Pre-Run: 607,110,246,400 bytes free

Post-Run: 606,822,944,768 bytes free

.

- - End Of File - - CDFD94648BAEB40B5C6CD1C8D45FFF9A


Malwarebytes Anti-Rootkit BETA 1.01.0.1016

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 8.0.7600.16385

Java version: 1.6.0_17

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.261000 GHz

Memory total: 3207249920, free: 2524540928

------------ Kernel report ------------

01/25/2013 02:11:30

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\halmacpi.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\DRIVERS\ACPI.sys

\SystemRoot\system32\DRIVERS\WMILIB.SYS

\SystemRoot\system32\DRIVERS\msisadrv.sys

\SystemRoot\system32\DRIVERS\pci.sys

\SystemRoot\system32\DRIVERS\vdrvroot.sys

\SystemRoot\system32\DRIVERS\LPCFilter.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\DRIVERS\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\pciide.sys

\SystemRoot\system32\DRIVERS\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\DRIVERS\atapi.sys

\SystemRoot\system32\DRIVERS\ataport.SYS

\SystemRoot\system32\DRIVERS\msahci.sys

\SystemRoot\system32\DRIVERS\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\volsnap.sys

\SystemRoot\system32\DRIVERS\TVALZ_O.SYS

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\drivers\NIS\1105000.07F\SRTSPX.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atipmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECI.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\Rt86win7.sys

\SystemRoot\system32\DRIVERS\tosrfec.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\tdcmdpst.sys

\SystemRoot\system32\DRIVERS\Impcd.sys

\SystemRoot\system32\DRIVERS\TVALZFL.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RtHDMIV.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\RTKVHDA.sys

\SystemRoot\system32\DRIVERS\HSXHWAZL.sys

\SystemRoot\system32\DRIVERS\HSX_DPV.sys

\SystemRoot\system32\DRIVERS\HSX_CNXT.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\pgeffect.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\mdmxsdk.sys

\SystemRoot\system32\drivers\peauth.sys

\??\C:\windows\system32\drivers\regi.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\XAudio32.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\??\C:\windows\system32\drivers\mbamchameleon.sys

\??\C:\windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\usp10.dll

\Windows\System32\iertutil.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\oleaut32.dll

\Windows\System32\advapi32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\wininet.dll

\Windows\System32\comdlg32.dll

\Windows\System32\sechost.dll

\Windows\System32\Wldap32.dll

\Windows\System32\normaliz.dll

\Windows\System32\ws2_32.dll

\Windows\System32\nsi.dll

\Windows\System32\difxapi.dll

\Windows\System32\shlwapi.dll

\Windows\System32\gdi32.dll

\Windows\System32\psapi.dll

\Windows\System32\ole32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\clbcatq.dll

\Windows\System32\lpk.dll

\Windows\System32\urlmon.dll

\Windows\System32\user32.dll

\Windows\System32\msctf.dll

\Windows\System32\imm32.dll

\Windows\System32\setupapi.dll

\Windows\System32\kernel32.dll

\Windows\System32\shell32.dll

\Windows\System32\devobj.dll

\Windows\System32\wintrust.dll

\Windows\System32\comctl32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\crypt32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\msasn1.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xffffffff89138700

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000072\

Lower Device Object: 0xffffffff891382c0

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8829c4b8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xffffffff86794028

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

No address found

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8829c4b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8829d020, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff8829c4b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff86794028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xffffffffa29f24f0, 0xffffffff8829c4b8, 0xffffffff85c3e048

Lower DeviceData: 0xffffffffa2a46528, 0xffffffff86794028, 0xffffffff85c42648

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: EBF1B487

Partition information:

Partition 0 type is Other (0x27)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 3072000

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 3074048 Numsec = 1247184896

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xffffffff89138700, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff89137390, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff89138700, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff891382c0, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\

------------ End ----------

Upper DeviceData: 0xffffffffa29fa468, 0xffffffff89138700, 0xffffffff85b0cac8

Lower DeviceData: 0xffffffffa2a08550, 0xffffffff891382c0, 0xffffffff85bc3250

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: CDD04F8A

Partition information:

Partition 0 type is Other (0xb)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 2006610

Partition file system is FAT32

Partition is not bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1027416576 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================


Good afternoon pgpav2003. :)

Thank you for posting the contents. Unfortunately nothing of concern found so far.

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


OTL logfile created on: 1/25/2013 11:10:18 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pp\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.99 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.36% Memory free

5.97 Gb Paging File | 5.18 Gb Available in Paging File | 86.72% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 594.70 Gb Total Space | 565.22 Gb Free Space | 95.04% Space Free | Partition Type: NTFS

Drive E: | 975.79 Mb Total Space | 450.13 Mb Free Space | 46.13% Space Free | Partition Type: FAT32

Computer Name: PP-PC | User Name: pp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/25 23:03:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pp\Desktop\OTL.exe

PRC - [2010/04/07 09:19:20 | 000,189,808 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe

PRC - [2010/04/07 09:18:56 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe

PRC - [2010/03/23 05:51:04 | 000,686,624 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

PRC - [2010/03/20 07:38:14 | 000,467,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

PRC - [2010/03/16 04:26:38 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2010/03/16 04:26:08 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2010/03/04 09:12:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/03/04 09:11:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/03/04 08:44:52 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

PRC - [2010/03/04 05:47:48 | 000,030,040 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

PRC - [2010/02/24 20:24:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

PRC - [2010/02/24 12:24:04 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

PRC - [2010/02/24 12:23:32 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

PRC - [2010/02/23 07:53:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2010/02/06 12:11:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

PRC - [2010/02/06 12:10:44 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

PRC - [2010/02/03 10:05:21 | 000,103,792 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe

PRC - [2010/01/29 11:14:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

PRC - [2009/12/26 09:51:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

PRC - [2009/12/09 19:35:51 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

PRC - [2009/11/12 09:01:32 | 000,022,840 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

PRC - [2009/11/06 16:34:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

PRC - [2009/11/06 16:34:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

PRC - [2009/10/31 16:15:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/09/30 17:29:26 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/08/25 09:19:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe

PRC - [2009/07/29 14:56:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2009/07/29 10:13:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

PRC - [2009/07/29 08:30:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

PRC - [2009/07/23 08:10:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe

PRC - [2009/03/11 13:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2009/02/21 04:16:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007/07/25 05:45:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2007/01/05 14:18:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/21 20:42:36 | 001,708,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3726.17684__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll

MOD - [2013/01/21 20:42:36 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3726.17650__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll

MOD - [2013/01/21 20:42:36 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3726.17621__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll

MOD - [2013/01/21 20:42:36 | 000,380,928 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3726.17545__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:36 | 000,356,352 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3726.17613__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll

MOD - [2013/01/21 20:42:36 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3726.17570__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll

MOD - [2013/01/21 20:42:36 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3726.17649__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll

MOD - [2013/01/21 20:42:36 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3726.17613__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll

MOD - [2013/01/21 20:42:36 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3726.17628__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:36 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3726.17556__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll

MOD - [2013/01/21 20:42:36 | 000,069,632 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3726.17607__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:36 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3726.17651__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll

MOD - [2013/01/21 20:42:36 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3726.17612__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:36 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3726.17596__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:36 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3726.17649__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:36 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3726.17563__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll

MOD - [2013/01/21 20:42:36 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3726.17557__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:36 | 000,013,312 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3726.17684__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:35 | 001,294,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3726.17680__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll

MOD - [2013/01/21 20:42:35 | 000,827,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3726.17598__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll

MOD - [2013/01/21 20:42:35 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3726.17571__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll

MOD - [2013/01/21 20:42:35 | 000,397,312 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3726.17597__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll

MOD - [2013/01/21 20:42:35 | 000,376,832 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3726.17592__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll

MOD - [2013/01/21 20:42:35 | 000,323,584 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3726.17606__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll

MOD - [2013/01/21 20:42:35 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3726.17575__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll

MOD - [2013/01/21 20:42:35 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2013/01/21 20:42:35 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3726.17570__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll

MOD - [2013/01/21 20:42:35 | 000,151,552 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3726.17537__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3726.17534__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2013/01/21 20:42:35 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3726.17598__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:35 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3726.17604__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll

MOD - [2013/01/21 20:42:35 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3726.17628__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3726.17596__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:35 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3726.17587__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3726.17612__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3726.17567__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3726.17596__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3726.17556__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2013/01/21 20:42:35 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3726.17597__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:35 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3726.17657__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2013/01/21 20:42:35 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3726.17650__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3726.17604__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:35 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3726.17575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:35 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3726.17607__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3726.17605__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll

MOD - [2013/01/21 20:42:35 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3726.17533__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2013/01/21 20:42:35 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3726.17556__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3726.17644__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2013/01/21 20:42:35 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3726.17623__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3726.17557__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3726.17567__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3726.17536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3726.17603__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3726.17536__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3726.17544__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3726.17535__90ba9c70f846762e\APM.Foundation.dll

MOD - [2013/01/21 20:42:35 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll

MOD - [2013/01/21 20:42:35 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2013/01/21 20:42:35 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3726.17563__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3726.17555__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,015,360 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3726.17535__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2013/01/21 20:42:35 | 000,009,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3726.17651__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,008,192 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3726.17539__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,007,680 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3726.17536__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll

MOD - [2013/01/21 20:42:35 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3726.17535__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,006,656 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3726.17544__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2013/01/21 20:42:35 | 000,006,656 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3726.17540__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,006,656 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3726.17649__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,006,144 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3726.17541__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,005,632 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3726.17538__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2013/01/21 20:42:35 | 000,005,632 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3726.17539__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,005,632 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3726.17657__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,005,632 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3726.17545__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2013/01/21 20:42:35 | 000,005,632 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3726.17540__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll

MOD - [2013/01/21 20:42:34 | 001,220,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3726.17551__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2013/01/21 20:42:34 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3726.17562__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2013/01/21 20:42:34 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3726.17644__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2013/01/21 20:42:34 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3726.17642__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2013/01/21 20:42:34 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3726.17543__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2013/01/21 20:42:34 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3726.17542__90ba9c70f846762e\APM.Server.dll

MOD - [2013/01/21 20:42:34 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3726.17544__90ba9c70f846762e\CLI.Component.SkinFactory.dll

MOD - [2013/01/21 20:42:34 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3726.17539__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2013/01/21 20:42:34 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3726.17541__90ba9c70f846762e\AEM.Server.dll

MOD - [2013/01/21 20:42:34 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3726.17539__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2013/01/21 20:42:34 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3726.17550__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2013/01/21 20:42:34 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3726.17537__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2013/01/21 20:42:34 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2013/01/21 20:42:34 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3726.17538__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2013/01/21 20:42:34 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3726.17644__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2013/01/21 20:42:34 | 000,011,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3726.17562__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2013/01/21 20:42:34 | 000,010,240 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3726.17550__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2013/01/21 20:42:34 | 000,008,704 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3726.17569__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll

MOD - [2013/01/21 20:42:34 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3726.17543__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll

MOD - [2013/01/21 20:42:34 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3726.17540__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll

MOD - [2010/03/04 08:44:58 | 000,016,184 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll

MOD - [2010/03/04 08:44:56 | 000,016,184 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll

MOD - [2010/03/04 08:44:32 | 008,783,160 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll

MOD - [2010/02/06 12:10:28 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

MOD - [2009/11/04 07:56:26 | 000,058,680 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll

MOD - [2009/10/14 04:30:02 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

MOD - [2009/07/26 05:37:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll

MOD - [2009/07/14 15:13:36 | 011,804,160 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll

MOD - [2009/07/14 15:13:30 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll

MOD - [2009/07/14 15:13:04 | 012,430,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll

MOD - [2009/07/14 15:12:57 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll

MOD - [2009/07/14 15:12:40 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll

MOD - [2009/07/14 15:12:37 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll

MOD - [2009/07/14 15:12:36 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll

MOD - [2009/07/14 15:12:30 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll

MOD - [2009/06/23 09:08:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll

MOD - [2009/03/13 13:38:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll

========== Services (SafeList) ==========

SRV - [2010/04/07 09:19:20 | 000,189,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV - [2010/03/16 04:26:08 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2010/03/04 09:12:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/03/04 09:11:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/02/26 07:36:34 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2010/02/24 12:23:32 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV - [2010/02/06 12:11:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV - [2010/02/03 10:05:21 | 000,103,792 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)

SRV - [2010/01/29 11:14:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)

SRV - [2009/12/09 19:35:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe -- (NIS)

SRV - [2009/12/04 13:00:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/11/06 16:34:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2009/10/07 03:51:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2009/08/25 09:19:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe -- (PCCUJobMgr)

SRV - [2009/07/29 10:13:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2009/07/14 11:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 11:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/04/30 05:51:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)

SRV - [2009/03/11 13:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2009/02/21 04:16:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007/07/25 05:45:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2007/01/05 14:18:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20091209.020\NAVEX15.SYS -- (NAVEX15)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20091209.020\NAVENG.SYS -- (NAVENG)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\pp\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2010/03/16 04:35:44 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)

DRV - [2010/03/16 03:30:44 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2010/02/11 09:31:12 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)

DRV - [2010/01/08 03:35:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009/12/03 16:38:32 | 000,325,168 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1105000.07F\srtsp.sys -- (SRTSP)

DRV - [2009/12/03 16:38:32 | 000,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1105000.07F\srtspx.sys -- (SRTSPX)

DRV - [2009/12/03 09:31:06 | 000,168,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)

DRV - [2009/09/18 07:24:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)

DRV - [2009/07/31 15:32:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)

DRV - [2009/07/31 12:15:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2009/07/15 09:58:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)

DRV - [2009/07/14 16:43:00 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)

DRV - [2009/07/14 08:43:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/06/23 11:34:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)

DRV - [2009/06/20 14:01:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)

DRV - [2009/04/30 05:50:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)

DRV - [2007/04/18 14:39:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com

IE - HKCU\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1407.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1407.0\Firefox [2013/01/24 04:32:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2013/01/24 04:32:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\

O1 HOSTS File: ([2013/01/24 12:53:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{046069D8-40B7-4B84-91BC-4D3050E7D36F}: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/11/27 07:53:26 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/25 23:08:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pp\Desktop\OTL.exe

[2013/01/25 02:49:04 | 000,000,000 | ---D | C] -- C:\windows\temp

[2013/01/25 02:48:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/01/24 13:08:14 | 000,000,000 | ---D | C] -- C:\Users\pp\Desktop\mbar

[2013/01/24 13:01:44 | 000,000,000 | ---D | C] -- C:\Users\pp\Desktop\mbar-1.01.0.1016

[2013/01/24 12:54:56 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Local\temp

[2013/01/24 12:47:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013/01/24 12:47:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013/01/24 12:47:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013/01/24 12:44:00 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/24 12:43:46 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013/01/24 12:39:51 | 005,026,296 | R--- | C] (Swearware) -- C:\Users\pp\Desktop\ComboFix.exe

[2013/01/24 08:23:43 | 000,000,000 | ---D | C] -- C:\gpatrted boot fix maybe

[2013/01/24 04:53:05 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2013/01/24 04:45:19 | 000,000,000 | R--D | C] -- C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2013/01/24 04:45:19 | 000,000,000 | R--D | C] -- C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2013/01/24 03:12:51 | 000,000,000 | ---D | C] -- C:\found.000

[2013/01/24 02:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK

[2013/01/22 17:33:20 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Roaming\Malwarebytes

[2013/01/22 17:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/01/22 17:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/01/22 02:04:40 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Local\ElevatedDiagnostics

[2013/01/21 23:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2013/01/21 23:00:57 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Local\Google

[2013/01/21 23:00:23 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Local\Apps

[2013/01/21 23:00:19 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Local\Deployment

[2013/01/21 21:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\vrq_logs

[2013/01/21 21:43:59 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Local\Programs

[2013/01/21 21:39:46 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Local\LogMeIn Rescue Applet

[2013/01/21 21:32:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2013/01/21 21:20:33 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NortonPCCheckup

[2013/01/21 21:20:33 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NortonPCCheckup\0200030.0CA

[2013/01/21 21:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup

[2013/01/21 21:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup

[2013/01/21 21:19:56 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1105000.07F\cchpx86.sys

[2013/01/21 21:19:56 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1105000.07F\symtdiv.sys

[2013/01/21 21:19:56 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1105000.07F\SymDS.sys

[2013/01/21 21:19:56 | 000,325,168 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1105000.07F\srtsp.sys

[2013/01/21 21:19:56 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1105000.07F\SymEFA.sys

[2013/01/21 21:19:56 | 000,116,272 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1105000.07F\Ironx86.sys

[2013/01/21 21:19:56 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1105000.07F\srtspx.sys

[2013/01/21 21:19:42 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS

[2013/01/21 21:19:42 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1105000.07F

[2013/01/21 21:19:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

[2013/01/21 21:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security

[2013/01/21 21:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2013/01/21 21:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2013/01/21 21:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2013/01/21 21:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Suite Activation Assistant

[2013/01/21 21:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Small Business

[2013/01/21 21:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005

[2013/01/21 21:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[2013/01/21 21:14:16 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2013/01/21 21:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2013/01/21 21:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2013/01/21 21:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2013/01/21 21:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2013/01/21 21:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2013/01/21 21:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2013/01/21 21:12:11 | 000,000,000 | R--D | C] -- C:\MSOCache

[2013/01/21 21:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar

[2013/01/21 21:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer

[2013/01/21 21:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA Games

[2013/01/21 21:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent

[2013/01/21 21:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2013/01/21 21:01:16 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_32.dll

[2013/01/21 21:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2013/01/21 21:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2013/01/21 21:00:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2013/01/21 21:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2013/01/21 21:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

[2013/01/21 21:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2013/01/21 21:00:03 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH

[2013/01/21 20:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2013/01/21 20:58:40 | 000,000,000 | ---D | C] -- C:\windows\System32\Macromed

[2013/01/21 20:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel

[2013/01/21 20:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo

[2013/01/21 20:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis

[2013/01/21 20:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel

[2013/01/21 20:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Corel

[2013/01/21 20:57:21 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_29.dll

[2013/01/21 20:56:47 | 000,128,344 | ---- | C] (TOSHIBA Corporation) -- C:\windows\System32\TODDSrv.exe

[2013/01/21 20:54:29 | 000,024,064 | ---- | C] (TOSHIBA Corporation) -- C:\windows\System32\drivers\PGEffect.sys

[2013/01/21 20:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba

[2013/01/21 20:52:36 | 000,091,376 | ---- | C] (Broadcom Corporation) -- C:\windows\System32\bcmwlcoi.dll

[2013/01/21 20:52:35 | 003,866,624 | ---- | C] (Broadcom Corporation) -- C:\windows\System32\bcmihvsrv.dll

[2013/01/21 20:52:35 | 003,555,328 | ---- | C] (Broadcom Corporation) -- C:\windows\System32\bcmihvui.dll

[2013/01/21 20:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom

[2013/01/21 20:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT

[2013/01/21 20:50:10 | 000,000,000 | ---D | C] -- C:\windows\System32\sda

[2013/01/21 20:50:08 | 007,367,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RTSUSTORicon.dll

[2013/01/21 20:50:08 | 000,313,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtsUStor.dll

[2013/01/21 20:50:08 | 000,182,304 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\drivers\RtsUStor.sys

[2013/01/21 20:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics

[2013/01/21 20:47:38 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\System32\TSCI.dll

[2013/01/21 20:47:38 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\System32\THCI.dll

[2013/01/21 20:47:28 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution

[2013/01/21 20:47:21 | 000,154,144 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RTInstaller32.exe

[2013/01/21 20:46:52 | 000,100,896 | ---- | C] (Realtek Semiconductor Corporation) -- C:\windows\System32\RTNUninst32.dll

[2013/01/21 20:46:23 | 000,024,576 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\windows\System32\TSBWLS.dll

[2013/01/21 20:46:04 | 000,000,000 | ---D | C] -- C:\windows\System32\Microsoft.VC80.MFC

[2013/01/21 20:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\xp

[2013/01/21 20:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\win7_64

[2013/01/21 20:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\win7_32

[2013/01/21 20:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\vista64

[2013/01/21 20:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\vista32

[2013/01/21 20:45:54 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations

[2013/01/21 20:44:22 | 000,000,000 | ---D | C] -- C:\windows\System32\RTCOM

[2013/01/21 20:44:13 | 002,795,552 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkHDMI.dll

[2013/01/21 20:44:13 | 001,538,080 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RHDMIExt.dll

[2013/01/21 20:44:13 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RH3DHT32.dll

[2013/01/21 20:44:13 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RH3DAA32.dll

[2013/01/21 20:44:13 | 000,168,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\drivers\RtHDMIV.sys

[2013/01/21 20:44:13 | 000,053,280 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RHCoInst.dll

[2013/01/21 20:44:11 | 002,649,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkAPO.dll

[2013/01/21 20:44:11 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\MaxxAudioEQ.dll

[2013/01/21 20:44:11 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\WavesLib.dll

[2013/01/21 20:44:11 | 001,749,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkPgExt.dll

[2013/01/21 20:44:11 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\RtlExUpd.dll

[2013/01/21 20:44:11 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RTSndMgr.cpl

[2013/01/21 20:44:11 | 000,371,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkApoApi.dll

[2013/01/21 20:44:11 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEP32A.dll

[2013/01/21 20:44:11 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSXT.dll

[2013/01/21 20:44:11 | 000,311,568 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\MaxxAudioAPO20.dll

[2013/01/21 20:44:11 | 000,307,616 | ---- | C] (Fortemedia Corporation) -- C:\windows\System32\FMAPO.dll

[2013/01/21 20:44:11 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DHT32.dll

[2013/01/21 20:44:11 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DAA32.dll

[2013/01/21 20:44:11 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSHD.dll

[2013/01/21 20:44:11 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSHP360.dll

[2013/01/21 20:44:11 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEED32A.dll

[2013/01/21 20:44:11 | 000,145,760 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\System32\AERTACap.dll

[2013/01/21 20:44:11 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSWOW.dll

[2013/01/21 20:44:11 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\MaxxAudioAPO.dll

[2013/01/21 20:44:11 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\System32\AERTARen.dll

[2013/01/21 20:44:11 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEL32A.dll

[2013/01/21 20:44:11 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEG32A.dll

[2013/01/21 20:44:11 | 000,057,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkCoInst.dll

[2013/01/21 20:44:11 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp

[2013/01/21 20:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2013/01/21 20:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2013/01/21 20:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2013/01/21 20:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2013/01/21 20:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies

[2013/01/21 20:42:07 | 014,226,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\System32\atioglxx.dll

[2013/01/21 20:42:07 | 005,340,160 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atipmdag.sys

[2013/01/21 20:42:07 | 005,340,160 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atikmdag.sys

[2013/01/21 20:42:07 | 003,703,808 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\atiumdag.dll

[2013/01/21 20:42:07 | 003,657,728 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\System32\aticaldd.dll

[2013/01/21 20:42:07 | 003,131,392 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\atidxx32.dll

[2013/01/21 20:42:07 | 002,993,152 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atiumdva.dll

[2013/01/21 20:42:07 | 000,446,464 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\aticfx32.dll

[2013/01/21 20:42:07 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\System32\ATIDEMGX.dll

[2013/01/21 20:42:07 | 000,372,736 | ---- | C] (AMD) -- C:\windows\System32\atieclxx.exe

[2013/01/21 20:42:07 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\System32\atipdlxx.dll

[2013/01/21 20:42:07 | 000,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\System32\Oemdspif.dll

[2013/01/21 20:42:07 | 000,237,568 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\System32\atiadlxx.dll

[2013/01/21 20:42:07 | 000,172,032 | ---- | C] (AMD) -- C:\windows\System32\atiesrxx.exe

[2013/01/21 20:42:07 | 000,159,744 | ---- | C] (AMD) -- C:\windows\System32\atitmmxx.dll

[2013/01/21 20:42:07 | 000,152,064 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\System32\drivers\atikmpag.sys

[2013/01/21 20:42:07 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\System32\atiapfxx.exe

[2013/01/21 20:42:07 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\System32\atibtmon.exe

[2013/01/21 20:42:07 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati2erec.dll

[2013/01/21 20:42:07 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\System32\aticalrt.dll

[2013/01/21 20:42:07 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\System32\aticalcl.dll

[2013/01/21 20:42:07 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atimpc32.dll

[2013/01/21 20:42:07 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\amdpcom32.dll

[2013/01/21 20:42:07 | 000,050,176 | ---- | C] (AMD) -- C:\windows\System32\coinst.dll

[2013/01/21 20:42:07 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\System32\ati2edxx.dll

[2013/01/21 20:42:07 | 000,027,648 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atiuxpag.dll

[2013/01/21 20:42:07 | 000,020,480 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atiu9pag.dll

[2013/01/21 20:42:07 | 000,015,360 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atigktxx.dll

[2013/01/21 20:42:07 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atiglpxx.dll

[2013/01/21 20:42:07 | 000,011,776 | ---- | C] (AMD) -- C:\windows\System32\atimuixx.dll

[2013/01/21 20:40:11 | 000,000,000 | ---D | C] -- C:\Intel

[2013/01/21 20:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent

[2013/01/21 20:39:23 | 000,041,088 | ---- | C] (Intel Corporation) -- C:\windows\System32\drivers\HECI.sys

[2013/01/21 20:37:34 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\windows\System32\CSVer.dll

[2013/01/21 20:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Intel

[2013/01/21 20:36:49 | 000,000,000 | ---D | C] -- C:\TOSHIBA

[2013/01/21 19:56:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Management

[2013/01/21 19:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Management

[2013/01/21 19:56:54 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\MCLIENT

[2013/01/21 19:56:54 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\MCLIENT\0302000.013

[2013/01/21 07:51:02 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Roaming\Tific

[2013/01/21 07:41:39 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Roaming\Macromedia

[2013/01/21 07:41:39 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Roaming\Adobe

[2013/01/21 07:29:56 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Local\Diagnostics

[2013/01/21 05:58:22 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Local\TOSHIBA_Corporation

[2013/01/21 05:21:18 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Roaming\Toshiba

[2013/01/21 05:06:52 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Local\Toshiba

[2013/01/21 05:06:14 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Roaming\ATI

[2013/01/21 05:06:14 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Local\ATI

[2013/01/21 05:05:48 | 000,000,000 | R--D | C] -- C:\Users\pp\Searches

[2013/01/21 05:05:48 | 000,000,000 | -H-D | C] -- C:\Users\pp\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2013/01/21 05:05:38 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Roaming\Identities

[2013/01/21 05:05:35 | 000,000,000 | R--D | C] -- C:\Users\pp\Contacts

[2013/01/21 05:04:54 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Local\VirtualStore

[2013/01/21 05:04:50 | 000,000,000 | --SD | C] -- C:\Users\pp\AppData\Roaming\Microsoft

[2013/01/21 05:04:50 | 000,000,000 | R--D | C] -- C:\Users\pp\Videos

[2013/01/21 05:04:50 | 000,000,000 | R--D | C] -- C:\Users\pp\Saved Games

[2013/01/21 05:04:50 | 000,000,000 | R--D | C] -- C:\Users\pp\Pictures

[2013/01/21 05:04:50 | 000,000,000 | R--D | C] -- C:\Users\pp\Music

[2013/01/21 05:04:50 | 000,000,000 | R--D | C] -- C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2013/01/21 05:04:50 | 000,000,000 | R--D | C] -- C:\Users\pp\Links

[2013/01/21 05:04:50 | 000,000,000 | R--D | C] -- C:\Users\pp\Favorites

[2013/01/21 05:04:50 | 000,000,000 | R--D | C] -- C:\Users\pp\Downloads

[2013/01/21 05:04:50 | 000,000,000 | R--D | C] -- C:\Users\pp\Documents

[2013/01/21 05:04:50 | 000,000,000 | R--D | C] -- C:\Users\pp\Desktop

[2013/01/21 05:04:50 | 000,000,000 | R--D | C] -- C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\AppData\Local\Temporary Internet Files

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\Templates

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\Start Menu

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\SendTo

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\Recent

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\PrintHood

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\NetHood

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\Documents\My Videos

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\Documents\My Pictures

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\Documents\My Music

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\My Documents

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\Local Settings

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\AppData\Local\History

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\Cookies

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\Application Data

[2013/01/21 05:04:50 | 000,000,000 | -HSD | C] -- C:\Users\pp\AppData\Local\Application Data

[2013/01/21 05:04:50 | 000,000,000 | -H-D | C] -- C:\Users\pp\AppData

[2013/01/21 05:04:50 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Local\Microsoft

[2013/01/21 05:04:50 | 000,000,000 | ---D | C] -- C:\Users\pp\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2013/01/25 23:11:36 | 000,713,058 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2013/01/25 23:11:36 | 000,142,956 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2013/01/25 23:06:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/01/25 23:06:52 | 2405,437,440 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/25 23:03:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pp\Desktop\OTL.exe

[2013/01/25 03:03:06 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/25 03:03:06 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/24 12:53:50 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts

[2013/01/24 12:14:16 | 013,462,931 | ---- | M] () -- C:\Users\pp\Desktop\mbar-1.01.0.1016.zip

[2013/01/24 11:54:52 | 005,026,296 | R--- | M] (Swearware) -- C:\Users\pp\Desktop\ComboFix.exe

[2013/01/24 05:37:29 | 000,000,355 | ---- | M] () -- C:\Users\pp\Desktop\Computer - Shortcut.lnk

[2013/01/24 04:50:32 | 000,001,418 | ---- | M] () -- C:\Users\pp\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/01/24 04:41:33 | 000,412,632 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2013/01/24 03:14:24 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat

[2013/01/23 14:39:08 | 000,000,000 | ---- | M] () -- C:\Users\pp\sfc

[2013/01/21 21:32:44 | 000,039,252 | ---- | M] () -- C:\windows\System32\license.rtf

[2013/01/21 21:19:18 | 000,001,278 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk

[2013/01/21 21:19:12 | 000,000,945 | ---- | M] () -- C:\windows\System32\mapisvc.inf

[2013/01/21 21:02:18 | 000,000,000 | ---- | M] () -- C:\windows\NDSTray.INI

[2013/01/21 20:58:50 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\TOSHIBA Media Controller.lnk

[2013/01/21 20:58:11 | 000,000,040 | -H-- | M] () -- C:\windows\System32\ivireg.ivr

[2013/01/21 20:52:33 | 003,866,624 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\bcmihvsrv.dll

[2013/01/21 20:52:33 | 003,555,328 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\bcmihvui.dll

[2013/01/21 20:52:33 | 000,091,376 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\bcmwlcoi.dll

[2013/01/21 20:52:33 | 000,006,656 | ---- | M] () -- C:\windows\System32\bcmwlrc.dll

[2013/01/21 20:50:00 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf

[2013/01/21 20:43:23 | 000,000,000 | ---- | M] () -- C:\windows\ativpsrm.bin

========== Files Created - No Company Name ==========

[2013/01/24 12:47:57 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013/01/24 12:47:57 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013/01/24 12:47:57 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013/01/24 12:47:57 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013/01/24 12:47:57 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2013/01/24 12:40:05 | 013,462,931 | ---- | C] () -- C:\Users\pp\Desktop\mbar-1.01.0.1016.zip

[2013/01/24 05:37:29 | 000,000,355 | ---- | C] () -- C:\Users\pp\Desktop\Computer - Shortcut.lnk

[2013/01/24 04:50:32 | 000,001,418 | ---- | C] () -- C:\Users\pp\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/01/24 04:45:25 | 000,001,424 | ---- | C] () -- C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2013/01/24 03:14:24 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat

[2013/01/23 14:34:53 | 000,000,000 | ---- | C] () -- C:\Users\pp\sfc

[2013/01/21 21:20:57 | 000,001,520 | ---- | C] () -- C:\Users\Public\Desktop\UserGuide.lnk

[2013/01/21 21:20:33 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NortonPCCheckup\0200030.0CA\isolate.ini

[2013/01/21 21:19:49 | 000,003,374 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\SymEFA.inf

[2013/01/21 21:19:49 | 000,002,793 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\SymDS.inf

[2013/01/21 21:19:49 | 000,001,756 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\ccHPx86.inf

[2013/01/21 21:19:49 | 000,001,473 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\SymNetV.inf

[2013/01/21 21:19:49 | 000,001,445 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\SymNet.inf

[2013/01/21 21:19:49 | 000,001,388 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\srtspx.inf

[2013/01/21 21:19:49 | 000,001,382 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\srtsp.inf

[2013/01/21 21:19:49 | 000,000,742 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\Iron.inf

[2013/01/21 21:19:42 | 000,007,787 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\symnetv.cat

[2013/01/21 21:19:42 | 000,007,444 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\SymEFA.cat

[2013/01/21 21:19:42 | 000,007,442 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\srtspx.cat

[2013/01/21 21:19:42 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\srtsp.cat

[2013/01/21 21:19:42 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\iron.cat

[2013/01/21 21:19:42 | 000,007,425 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\SymDS.cat

[2013/01/21 21:19:42 | 000,007,396 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\cchpx86.cat

[2013/01/21 21:19:42 | 000,007,368 | R--- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\SymNet.cat

[2013/01/21 21:19:42 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1105000.07F\isolate.ini

[2013/01/21 21:19:18 | 000,001,278 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk

[2013/01/21 21:10:18 | 000,001,349 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk

[2013/01/21 21:10:10 | 000,001,349 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk

[2013/01/21 21:02:18 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

[2013/01/21 20:58:50 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\TOSHIBA Media Controller.lnk

[2013/01/21 20:57:43 | 000,000,040 | -H-- | C] () -- C:\windows\System32\ivireg.ivr

[2013/01/21 20:57:01 | 000,002,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Media Creator Help.lnk

[2013/01/21 20:57:01 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\Recovery Media Creator.lnk

[2013/01/21 20:52:36 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll

[2013/01/21 20:50:00 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf

[2013/01/21 20:46:52 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll

[2013/01/21 20:46:23 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll

[2013/01/21 20:43:23 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2013/01/21 20:42:07 | 000,511,072 | ---- | C] () -- C:\windows\System32\atiumdva.cap

[2013/01/21 20:42:07 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe

[2013/01/21 20:42:07 | 000,201,875 | ---- | C] () -- C:\windows\System32\atiicdxx.dat

[2013/01/21 20:42:07 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe

[2013/01/21 20:42:07 | 000,033,624 | ---- | C] () -- C:\windows\System32\atiapfxx.blb

[2013/01/21 20:42:07 | 000,020,692 | ---- | C] () -- C:\windows\atiogl.xml

[2013/01/21 20:42:07 | 000,001,105 | ---- | C] () -- C:\windows\System32\atipblag.dat

[2013/01/21 20:32:42 | 2405,437,440 | -HS- | C] () -- C:\hiberfil.sys

[2013/01/21 05:04:50 | 000,000,290 | ---- | C] () -- C:\Users\pp\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2013/01/21 05:04:50 | 000,000,272 | ---- | C] () -- C:\Users\pp\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2013/01/24 04:47:35 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 11:46:14 | 012,866,560 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 11:45:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/07/14 12:08:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2010/03/26 16:39:10 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2013/01/24 03:14:24 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat

[2013/01/25 02:49:03 | 000,014,190 | ---- | M] () -- C:\ComboFix.txt

[2013/01/25 23:06:52 | 2405,437,440 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/25 23:06:56 | 3207,249,920 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


Error: Unable to interpret <Error: Unable to interpret < %SYSTEMDRIVE%\*.*> in the current context!> in the current context!

Error: Unable to interpret <Error: Unable to interpret < %systemroot%\*. /mp /s> in the current context!> in the current context!

Error: Unable to interpret <Error: Unable to interpret < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU> in the current context!> in the current context!

Error: Unable to interpret <Error: Unable to interpret < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs> in the current context!> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <OTL by OldTimer - Version 3.2.69.0 log created on 01252013_234430> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 01252013_235038


Hello pgpav2003. :)

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

But nothing of concern here so time to turn to ARKs.

Please download GMER from one of the following locations and save it to your Desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your Desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress).
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, firewall and any other security programs you had disabled.

-- If you encounter any problems, try running GMER in Safe Mode.

-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

=====

Also, please run this tool, but do not be alarmed if it crashes, as this has been known to occur on Windows 7.

Download Rootkit Unhooker and save it to your Desktop.

Close all open programs and browsers, then double-click RKUnhookerLE.exe to run it.

Vista/Windows 7 users right-click and select Run As Administrator.

  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, Files, and Code Hooks.
  • UNcheck the rest, then click OK.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
  • Wait until the scanner has finished then go File > Save Report.
  • Save the report somewhere you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.
    Note: You may get the following warning---just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

=====

Please post the contents of all 3 logs in your reply.


Hi, I have done the best I can but don't seem to be able to install the Rootkit Unhooker. Driver installation fails. But here are the logs from OTL and GMER.

GMER 2.0.18444 - http://www.gmer.net

Rootkit scan 2013-01-26 18:19:43

Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 596.17GB

Running: 7lxhw7lj starts with g.exe; Driver: C:\Users\pp\AppData\Local\Temp\pgtdapoc.sys

---- Kernel code sections - GMER 2.0 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 830808E9 1 Byte [06]

.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830A03D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text C:\windows\system32\DRIVERS\atipmdag.sys section is writeable [0x93028000, 0x2ECF76, 0xE8000020]

PAGE spsys.sys!?SPRevision@@3PADA + 4F90 98E32000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 50B3 98E32123 486 Bytes [D5, E2, 98, FE, 05, 34, D5, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 529A 98E3230A 142 Bytes [E2, 98, 3B, 08, 77, 04, 3B, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 5329 98E32399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 538F 98E323FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]

PAGE ...

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe[432] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [753A5E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe[432] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753A5E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe[432] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753A5E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe[432] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753A5E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe[432] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753A5E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Threads - GMER 2.0 ----

Thread System [4:1712] 98E3FF2E

---- EOF - GMER 2.0 ----
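For readers working through a GMER report like the one posted above, this added example (not part of either poster's message, and not code from GMER) parses the three record types that appear in it and totals what each section reports. The record layouts are inferred from the posted log only, and the names `summarize` and `SAMPLE` are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the GMER 2.0 log posted above (shortened; lines kept as posted).
SAMPLE = r"""
---- Kernel code sections - GMER 2.0 ----
.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 830808E9 1 Byte [06]
.text C:\windows\system32\DRIVERS\atipmdag.sys section is writeable [0x93028000, 0x2ECF76, 0xE8000020]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 98E32000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 98E32123 486 Bytes [D5, E2, 98, FE, 05, 34, D5, ...]
---- User IAT/EAT - GMER 2.0 ----
IAT C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe[432] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [753A5E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe[432] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753A5E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
---- Threads - GMER 2.0 ----
Thread System [4:1712] 98E3FF2E
---- EOF - GMER 2.0 ----
"""

# Layouts assumed from the posted log, not from GMER documentation.
HEADER = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
PATCH = re.compile(r"^(\S+) (\S+?)!(\S+) \+ ([0-9A-F]+) ([0-9A-F]{8}) (\d+) Bytes? \[")
IAT = re.compile(r"^IAT (.+?)\[(\d+)\] @ (.+?) \[(\S+?)!(\S+?)\] \[([0-9A-F]{8})\] (.+?) \((.*)\)$")
THREAD = re.compile(r"^Thread (.+?) \[(\d+):(\d+)\] ([0-9A-F]{8})$")

def summarize(log):
    """Group GMER entries by section and total what each section reports."""
    out = {"patched_bytes": Counter(), "iat": defaultdict(set), "threads": [], "other": []}
    section = None
    for line in filter(None, (l.strip() for l in log.splitlines())):
        if (m := HEADER.match(line)):
            section = m.group(1)
        elif section == "Kernel code sections" and (m := PATCH.match(line)):
            # Bytes reported as modified, totalled per kernel module.
            out["patched_bytes"][m.group(2)] += int(m.group(6))
        elif section == "User IAT/EAT" and (m := IAT.match(line)):
            # Key: imported function and the file its pointer now resolves to.
            key = (f"{m.group(4)}!{m.group(5)}", m.group(7).rsplit("\\", 1)[-1].lower())
            out["iat"][key].add(m.group(3).rsplit("\\", 1)[-1])
        elif section == "Threads" and (m := THREAD.match(line)):
            out["threads"].append((int(m.group(2)), int(m.group(3)), int(m.group(4), 16)))
        else:
            out["other"].append(line)  # anything unparsed is kept for manual review
    return out
```

Grouping the IAT lines by function and resolved file collapses the repeated entries into one row per redirect, which makes it easier to see that every one in this log resolves to the same file.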

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:Commands

[EmptyTemp]

  • Return to OTL.exe, right-click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.


Hey pgpav2003,

Nothing so far. Let's give this tool a try.

Please download to the Desktop RogueKiller (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.

This topic is now closed to further replies.