A challenge for Malware Bytes Removal team



Here is the RogueKiller report.

RogueKiller V8.4.3 [Jan 25 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version

Started in : Safe mode

User : pp [Admin rights]

Mode : Scan -- Date : 01/26/2013 23:41:18

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6465GSX +++++

--- User ---

[MBR] 0f44b4234d320f5f01dc87cc6f458d36

[bSP] 2b55b6a2990299aac8463e8911f07e38 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 608977 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk U3 Cruzer Micro USB Device +++++

--- User ---

[MBR] cd18a4206b6c50d167ba6971d806b6c2

[bSP] 283df93ea80de25df5246b6e1eff34a5 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 979 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_01262013_02d2341.txt >>

RKreport[1]_S_01262013_02d2341.txt


G'day pgpav2003,

Yes indeed!

  • Please re-run RogueKiller.
  • Click on the Delete button.
  • The report has been created on the Desktop. Please post it in your reply.

=====

OK. Time to bring out an external disc.

Please read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:

Download Kaspersky Rescue Disk 10

How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?

How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

  • Please go to a clean computer
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • On the infected computer: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarise yourself with How to create a report file in Kaspersky Rescue Disk 10?

Then, please print the following directions:

Boot from Kaspersky Rescue Disk 10:

  • Restart your computer and put the disk in the drive while booting.
  • Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key within 10 seconds, the computer boots from the hard drive automatically.
  • Select the required interface language using the arrow keys on your keyboard.
  • Press the Enter key on the keyboard.
  • In the start-up wizard window that opens, select Kaspersky Rescue Disk. Graphic Mode.
  • Click Enter.
  • Click 'A' to accept the agreement.
  • Select the operating system from the dropdown menu (select Windows whatever).
  • Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:
  • Click My Update Center and update.
  • Go back to the other tab and click Start Object Scan.

When the scan has completed, save a report:

  • On the upper part of the Kaspersky Rescue Disk window, click on the Report link.
  • On the bottom right-hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.
  • On the upper right-hand corner of the Detailed report window, click on the Save button.
  • After clicking Detailed Report and 'SAVE', a browse window opens.
  • Double-click on the \
  • Click 'disks'.
  • All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.
  • Click on the Save button.
  • The report has been saved to the file.
  • Remove the disk from the drive (or disconnect the USB) and reboot normally.

=====

In your reply please post the log from RogueKiller plus the Detected portion from Kaspersky.


Hi, this is just a prelude to the reports that will follow. I am having great difficulty getting a CD to boot, so I am going to try the USB for Kaspersky. OK, the USB boots but doesn't seem to finish its process properly, as the program seems to come up twice. On the third try I have it working and scanning, but it will not update. It continually looks for a wired connection even though I have given it the wireless connection credentials that it normally uses to access the net. I also noted something called a shadow BIOS, which I have not seen before, during boot-up to the rescue disk.


I am afraid the rescue disk just stops working after the scan finishes and will not produce a report, nor will it allow me to exit normally. The buttons for the usual exit just don't work. I feel that, due to the program seemingly only half loading, the virus or hack is ensuring that no reports can be made so no remedy will be available. I ran RogueKiller in normal boot; it crashed the laptop twice. Ran it in safe mode and the reports showed nothing to delete.

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version

Started in : Safe mode

User : pp [Admin rights]

Mode : Scan -- Date : 01/28/2013 03:40:24

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6465GSX +++++

--- User ---

[MBR] 0f44b4234d320f5f01dc87cc6f458d36

[bSP] 2b55b6a2990299aac8463e8911f07e38 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 608977 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_S_01282013_02d0340.txt >>

RKreport[1]_S_01262013_02d2341.txt ; RKreport[2]_S_01282013_02d0340.txt

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version

Started in : Safe mode

User : pp [Admin rights]

Mode : Scan -- Date : 01/28/2013 03:40:57

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6465GSX +++++

--- User ---

[MBR] 0f44b4234d320f5f01dc87cc6f458d36

[bSP] 2b55b6a2990299aac8463e8911f07e38 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 608977 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_S_01282013_02d0340.txt >>

RKreport[1]_S_01262013_02d2341.txt ; RKreport[2]_S_01282013_02d0340.txt ; RKreport[3]_S_01282013_02d0340.txt


I finally got Kaspersky to work.

Objects Scan: completed 4 hours ago (events: 2, objects: 4, time: 00:00:29)

1/28/13 12:08 AM Task completed

1/28/13 12:07 AM Task started

Objects Scan: malfunction (events: 1, objects: 1, time: Unknown)

1/28/13 12:10 AM Task started

Objects Scan: completed 2 hours ago (events: 6, objects: 559930, time: 00:46:04)

1/28/13 1:25 AM Task completed

1/28/13 1:11 AM Processing error sda2/Users/pp/Downloads/KNOPPIX_V7.0.5DVD-2012-12-21-EN.iso Read error

1/28/13 1:11 AM Processing error sda2/Users/pp/Downloads/KNOPPIX_V7.0.5DVD-2012-12-21-EN.iso/KNOPPIX/KNOPPIX Read error

1/28/13 12:46 AM Processing error /mnt/MountedDevices/PD-EBF1B487-000000005DD00000/Users/pp/Downloads/KNOPPIX_V7.0.5DVD-2012-12-21-EN.iso Read error

1/28/13 12:46 AM Processing error /mnt/MountedDevices/PD-EBF1B487-000000005DD00000/Users/pp/Downloads/KNOPPIX_V7.0.5DVD-2012-12-21-EN.iso/KNOPPIX/KNOPPIX Read error

1/28/13 12:39 AM Task started

Objects Scan: completed 2 hours ago (events: 2, objects: 3048, time: 00:01:03)

1/28/13 1:38 AM Task completed

1/28/13 1:37 AM Task started

Objects Scan: completed 2 hours ago (events: 2, objects: 12145, time: 00:01:56)

1/28/13 1:42 AM Task completed

1/28/13 1:40 AM Task started

Objects Scan: malfunction (events: 3, objects: 2, time: Unknown)

1/28/13 2:02 AM Processing error /mnt/MountedDevices/PD-EBF1B487-000000005DD00000/Users/pp/Downloads/KNOPPIX_V7.0.5DVD-2012-12-21-EN.iso Read error

1/28/13 2:02 AM Processing error /mnt/MountedDevices/PD-EBF1B487-000000005DD00000/Users/pp/Downloads/KNOPPIX_V7.0.5DVD-2012-12-21-EN.iso/KNOPPIX/KNOPPIX Read error

1/28/13 1:55 AM Task started

Objects Scan: completed 3 minutes ago (events: 6, objects: 572071, time: 00:48:20)

1/28/13 4:15 AM Task completed

1/28/13 3:59 AM Processing error sda2/Users/pp/Downloads/KNOPPIX_V7.0.5DVD-2012-12-21-EN.iso Read error

1/28/13 3:59 AM Processing error sda2/Users/pp/Downloads/KNOPPIX_V7.0.5DVD-2012-12-21-EN.iso/KNOPPIX/KNOPPIX Read error

1/28/13 3:34 AM Processing error /mnt/MountedDevices/PD-EBF1B487-000000005DD00000/Users/pp/Downloads/KNOPPIX_V7.0.5DVD-2012-12-21-EN.iso Read error

1/28/13 3:34 AM Processing error /mnt/MountedDevices/PD-EBF1B487-000000005DD00000/Users/pp/Downloads/KNOPPIX_V7.0.5DVD-2012-12-21-EN.iso/KNOPPIX/KNOPPIX Read error

1/28/13 3:26 AM Task started


KNOPPIX shouldn't be installed on this machine, as I have never installed it, only ran it from CD to see if I could find whether there were any Linux partitions on this machine. The installs were to RAM only and never to the hard disc. Somehow I am going to have to rewrite the boot sectors. Any ideas welcome. If I can get back to a factory reset the KNOPPIX mount problems should go away, but it seems to have wiped the boot manager out. Sorry for the extra hassle.


Hello pgpav2003,

This link nicely shows you how to do it:

http://www.partition...-partition.html

=====

Kaspersky didn't find anything bad.

Please try this rescue disc.

The Bitdefender Rescue CD is a bootable CD based version of Bitdefender Antivirus.

The download is in ISO format.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

There is a tutorial on running it at How to Use the BitDefender Rescue CD to Clean Your Infected PC

Please download the Bitdefender Rescue CD:

http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso

  • Burn the Bitdefender Rescue CD ISO image to CD.
  • Insert the Bitdefender Rescue CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
  • Select "Start Bitdefender Rescue CD in English", then press Enter.
  • Once the graphical interface starts, select "Continue".
  • Bitdefender Update will start automatically.
  • When finished updating, scanning will start automatically.
  • When finished scanning, if threats were detected, double-click the Desktop icon "Scan Logs".
  • In the window that opens, double-click the log file and open it with Firefox.
  • To save the log, go to File > Save Page As, enter a file name you will remember such as BDSCAN.TXT, then in the "Save in folder" field select your system drive, and click "Save".
  • The log will save in the root of your system drive (C:\).
  • Close the scanner, restart your system, and post the log in your next reply.


I have a few anomalies that just don't add up.

1. I found the rescue disks that I made when I first got my laptop. :) Hidden and covered in cobwebs, but still as good as new. On entering the rescue disk area of the Toshiba BIOS recovery program I put the disk in, picked Win 7 64-bit and set it to work. When I made the backup disks there were four needed, but after wiping the disk now there are only three needed. I also noted that while installing, when it got to the place where you would normally put the fourth disk in, the machine rebooted, and the grey window started to fill, stopped and disappeared; the machine then continued to finish the install. On looking at the 4th disk it contained about 14 meg of boot files. I thought perhaps that because I had picked the 64-bit that perhaps this was the 32-bit boot files. Not sure. Anyway, I thought seeing as how I had cleaned up the OS that I would run all of the other tests that were run previously.

RogueKiller again came up with that odd ACER file as well as some other odd files, which I deleted. I also ran ComboFix and OldTimer again as well.

The logs for those are below. I am now running Kaspersky and it gave me 4 choices of Windows 7: one Windows setup and 3 Windows 7. It appears to me that whatever is put in this machine, it takes it on and shadow-copies it as well as having the real thing. I have sda1, sda2, sda3 and sda1 all showing as Windows 7, but sda1 is called Windows 7 setup and sda1 is actually the Kaspersky rescue disk.

I am still thinking there is a very well hidden area on this hard drive with enough space to shadow-copy the initial boot-up and enough files to network me from inside, effectively fooling any malware or virus checks into thinking that all is being done legit.

I am running Kaspersky with all boxes checked, just in case it picks up on the anomaly in any of the so-called drives.

Here is the RogueKiller report after a clean install:

RogueKiller V8.4.3 _x64_ [Jan 27 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : pete [Admin rights]

Mode : Scan -- Date : 01/28/2013 14:50:40

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6465GSX ATA Device +++++

--- User ---

[MBR] 6b869956331b8c2ba4ff6e286fee6264

[bSP] 264e46d6820ea032b640ccbbebc6baa7 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 596964 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1225656320 | Size: 12015 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01282013_02d1450.txt >>

RKreport[1]_S_01282013_02d1450.txt

Here is the ComboFix normal scan after the clean install:

ComboFix 13-01-23.01 - pete 28/01/2013 15:20:57.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3955.2864 [GMT 10.5:30]

Running from: c:\users\pete\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-28 )))))))))))))))))))))))))))))))

.

.

2013-01-28 21:22 . 2013-01-28 21:22 -------- d-----w- c:\windows\system32\drivers\NISx64

2013-01-28 21:22 . 2013-01-28 21:22 -------- d-----w- c:\program files (x86)\Norton Internet Security

2013-01-28 21:22 . 2013-01-28 04:39 -------- d-----w- c:\programdata\Norton

2013-01-28 21:21 . 2013-01-28 04:40 -------- d-----w- c:\program files (x86)\NortonInstaller

2013-01-28 21:21 . 2013-01-28 21:21 -------- d-----w- c:\program files (x86)\Microsoft Office Suite Activation Assistant

2013-01-28 21:20 . 2013-01-28 21:21 -------- d-----w- c:\program files (x86)\Microsoft Small Business

2013-01-28 21:16 . 2013-01-28 21:17 -------- d-----w- c:\program files\Microsoft SQL Server

2013-01-28 21:16 . 2013-01-28 21:19 -------- d-----w- c:\program files (x86)\Microsoft SQL Server

2013-01-28 21:14 . 2013-01-28 21:15 -------- d-----w- c:\program files (x86)\Microsoft Works

2013-01-28 21:12 . 2013-01-28 21:12 -------- d-----w- c:\program files\Microsoft Office

2013-01-28 21:12 . 2013-01-28 21:16 -------- d-----w- c:\programdata\Microsoft Help

2013-01-28 21:12 . 2013-01-28 21:12 -------- d-----r- C:\MSOCache

2013-01-28 21:07 . 2013-01-28 21:07 -------- d-----w- c:\program files (x86)\MSN Toolbar

2013-01-28 21:07 . 2013-01-28 21:07 -------- d-----w- c:\program files (x86)\Bing Bar Installer

2013-01-28 21:02 . 2013-01-28 21:05 -------- d-----w- c:\program files (x86)\TOSHIBA Games

2013-01-28 21:02 . 2013-01-28 21:05 -------- d-----w- c:\programdata\WildTangent

2013-01-28 20:58 . 2013-01-28 21:06 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2013-01-28 20:57 . 2006-11-29 21:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2013-01-28 20:57 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

2013-01-28 20:57 . 2013-01-28 20:57 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2013-01-28 20:57 . 2013-01-28 20:57 -------- d-----w- c:\program files (x86)\Microsoft

2013-01-28 20:56 . 2013-01-28 20:56 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

2013-01-28 20:56 . 2013-01-28 20:58 -------- d-----w- c:\program files (x86)\Windows Live

2013-01-28 20:56 . 2013-01-28 20:56 -------- d-----w- c:\windows\PCHEALTH

2013-01-28 20:55 . 2013-01-28 20:55 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2013-01-28 20:54 . 2013-01-28 20:54 -------- d-----w- c:\windows\SysWow64\Macromed

2013-01-28 20:53 . 2007-04-17 19:51 14112 ----a-w- c:\windows\system32\drivers\regi.sys

2013-01-28 20:53 . 2013-01-28 20:53 -------- d-----w- c:\program files (x86)\Common Files\InterVideo

2013-01-28 20:52 . 2013-01-28 20:52 -------- d-----w- c:\program files (x86)\Common Files\Protexis

2013-01-28 20:52 . 2013-01-28 20:52 -------- d-----w- c:\programdata\Corel

2013-01-28 20:52 . 2013-01-28 20:52 -------- d-----w- c:\program files (x86)\Corel

2013-01-28 20:51 . 2009-07-28 23:48 140632 ----a-w- c:\windows\system32\TODDSrv.exe

2013-01-28 20:49 . 2009-06-23 01:06 35008 ----a-w- c:\windows\system32\drivers\PGEffect.sys

2013-01-28 20:48 . 2013-01-28 20:50 -------- d-----w- c:\programdata\Toshiba

2013-01-28 20:46 . 2013-01-28 20:46 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll

2013-01-28 20:46 . 2013-01-28 20:46 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2013-01-28 20:46 . 2013-01-28 20:46 3891200 ----a-w- c:\windows\system32\bcmihvsrv64.dll

2013-01-28 20:46 . 2013-01-28 20:46 3555840 ----a-w- c:\windows\system32\bcmihvui64.dll

2013-01-28 20:46 . 2013-01-28 20:46 -------- d-----w- c:\program files\Broadcom

2013-01-28 20:46 . 2013-01-28 20:46 3058168 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS

2013-01-28 20:43 . 2013-01-28 20:43 -------- d-----w- c:\program files\CONEXANT

2013-01-28 20:43 . 2010-01-07 17:05 7367200 ----a-w- c:\windows\system32\RTSUSTORicon.dll

2013-01-28 20:43 . 2010-01-07 17:05 232992 ----a-w- c:\windows\system32\drivers\RtsUStor.sys

2013-01-28 20:42 . 2013-01-28 20:42 -------- d-----w- c:\program files\Synaptics

2013-01-28 20:42 . 2010-03-05 00:44 8192 ----a-w- c:\windows\system32\TSBWLS.dll

2013-01-28 20:42 . 2010-03-05 00:44 49664 ----a-w- c:\windows\system32\HWS_Ctrl.dll

2013-01-28 20:41 . 2010-01-06 08:46 189984 ----a-w- c:\windows\system32\RTInstaller64.exe

2013-01-28 20:41 . 2010-01-12 22:37 325152 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2013-01-28 20:41 . 2010-01-06 08:39 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2013-01-28 20:41 . 2009-12-04 01:27 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2013-01-28 20:38 . 1999-10-13 02:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll

2013-01-28 20:38 . 1999-10-13 02:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll

2013-01-28 20:37 . 2013-01-28 20:40 -------- d-----w- c:\programdata\win7_64

2013-01-28 20:37 . 2013-01-28 20:40 -------- d-----w- c:\programdata\win7_32

2013-01-28 20:37 . 2013-01-28 20:37 -------- d-----w- c:\windows\SysWow64\Microsoft.VC80.MFC

2013-01-28 20:37 . 2013-01-28 20:37 -------- d-----w- c:\windows\system32\Microsoft.VC80.MFC

2013-01-28 20:37 . 2013-01-28 20:37 -------- d-----w- c:\programdata\xp

2013-01-28 20:37 . 2013-01-28 20:37 -------- d-----w- c:\programdata\vista64

2013-01-28 20:37 . 2013-01-28 20:37 -------- d-----w- c:\programdata\vista32

2013-01-28 20:37 . 2013-01-28 20:55 -------- d-----w- c:\program files (x86)\TOSHIBA

2013-01-28 20:37 . 2013-01-28 20:51 -------- d-----w- c:\windows\Downloaded Installations

2013-01-28 20:34 . 2013-01-28 20:34 -------- d-----w- c:\programdata\ATI

2013-01-28 20:34 . 2013-01-28 20:34 0 ----a-w- c:\windows\ativpsrm.bin

2013-01-28 20:32 . 2013-01-28 20:32 -------- d-----w- c:\program files\ATI

2013-01-28 20:32 . 2013-01-28 20:33 -------- d-----w- c:\program files (x86)\ATI Technologies

2013-01-28 20:29 . 2013-01-28 20:29 -------- d-----w- C:\Intel

2013-01-28 20:28 . 2013-01-28 20:28 -------- d-----w- c:\program files (x86)\Common Files\postureAgent

2013-01-28 20:28 . 2009-09-17 20:54 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys

2013-01-28 20:26 . 2013-01-28 20:29 -------- d-----w- c:\program files (x86)\Intel

2013-01-28 20:26 . 2009-11-19 00:03 53248 ----a-w- c:\windows\SysWow64\CSVer.dll

2013-01-28 20:25 . 2013-01-28 21:23 -------- d-----w- C:\TOSHIBA

2013-01-28 04:54 . 2013-01-28 04:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-28 04:19 . 2013-01-28 04:19 35712 ----a-w- c:\windows\SysWow64\drivers\KdIxijiP.sys

2013-01-28 04:16 . 2013-01-28 04:16 -------- d-----w- c:\program files (x86)\MustBeRandomlyNamed

2013-01-28 04:10 . 2013-01-28 04:11 -------- d-----w- c:\users\pete

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 423936]

"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1407.0\mswinext.exe" [2010-03-12 243032]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R3 KdIxijiP;BlackBox SR2; [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-29 249200]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2009-12-09 126392]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://toshiba.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000009

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe

c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

.

**************************************************************************

.

Completion time: 2013-01-28 15:28:56 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-28 04:58

.

Pre-Run: 601,008,177,152 bytes free

Post-Run: 600,866,004,992 bytes free

.

- - End Of File - - AFB79741AB755A5503A9CD241DB556E8


OTL logfile created on: 1/28/2013 3:39:14 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pete\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.86 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 72.18% Memory free

7.72 Gb Paging File | 6.45 Gb Available in Paging File | 83.51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 582.97 Gb Total Space | 559.69 Gb Free Space | 96.01% Space Free | Partition Type: NTFS

Computer Name: PETE-PC | User Name: pete | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/29 07:51:55 | 000,731,088 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe

PRC - [2013/01/25 23:03:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pete\Desktop\OTL.exe

PRC - [2010/03/12 11:27:56 | 000,243,032 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1407.0\mswinext.exe

PRC - [2010/03/04 09:11:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/02/24 20:24:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

PRC - [2010/02/23 07:53:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2009/12/26 09:51:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

PRC - [2009/12/09 19:35:51 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

PRC - [2009/07/29 14:56:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2009/07/23 08:10:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe

PRC - [2009/02/21 04:16:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2010/04/07 09:23:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2010/03/16 04:26:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/02/24 12:27:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2010/02/06 12:14:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/11/06 16:35:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/07/29 10:18:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2009/07/14 12:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2010/03/04 09:12:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/03/04 09:11:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/02/26 07:37:14 | 000,196,464 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2010/01/29 11:14:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2009/12/09 19:35:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe -- (NIS)

SRV - [2009/12/04 13:00:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/10/07 03:51:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2009/06/11 07:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/04/30 05:51:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

SRV - [2009/03/11 13:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2009/02/21 04:16:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007/07/25 05:45:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2007/01/05 14:18:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/29 07:16:13 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010/03/16 04:36:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/03/16 03:30:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/03/11 13:21:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/02/11 09:32:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/01/13 09:07:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/01/08 03:35:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/12/03 16:38:32 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2009/12/03 16:38:32 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2009/12/03 09:31:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2009/09/18 07:24:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/07/31 15:32:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)

DRV:64bit: - [2009/07/31 14:52:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/15 10:01:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/14 16:42:00 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)

DRV:64bit: - [2009/07/14 12:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/14 12:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/14 12:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 12:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 12:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 12:17:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/14 12:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/23 11:36:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009/06/20 13:45:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/11 07:31:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/11 07:31:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/11 07:31:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/11 07:31:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/11 07:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 07:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 07:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 07:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/04/30 05:51:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)

DRV:64bit: - [2009/02/13 16:54:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2009/02/13 16:50:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2009/02/13 16:49:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2007/04/18 06:21:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)

DRV:64bit: - [2006/06/19 00:57:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV - [2013/01/28 14:49:31 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysWow64\drivers\KdIxijiP.sys -- (KdIxijiP)

DRV - [2009/12/09 19:30:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20091209.020\EX64.SYS -- (NAVEX15)

DRV - [2009/12/09 19:30:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20091209.020\ENG64.SYS -- (NAVENG)

DRV - [2009/07/14 11:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2007/04/18 14:39:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com

IE - HKCU\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}

IE - HKCU\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1407.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1407.0\Firefox [2013/01/29 07:37:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2013/01/29 07:37:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\


O1 HOSTS File: ([2013/01/28 15:26:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1407.0\npwinext.dll (Microsoft Corporation)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1407.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1407.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1407.0\mswinext.exe (Microsoft Corp.)

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/29 07:52:46 | 000,615,040 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1105000.07F\cchpx64.sys

[2013/01/29 07:52:46 | 000,504,880 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.sys

[2013/01/29 07:52:46 | 000,451,120 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1105000.07F\symtdiv.sys

[2013/01/29 07:52:46 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1105000.07F\SymDS64.sys

[2013/01/29 07:52:46 | 000,221,232 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1105000.07F\SymEFA64.sys

[2013/01/29 07:52:46 | 000,148,528 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1105000.07F\Ironx64.sys

[2013/01/29 07:52:46 | 000,032,304 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1105000.07F\srtspx64.sys

[2013/01/29 07:52:31 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64

[2013/01/29 07:52:31 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1105000.07F

[2013/01/29 07:52:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

[2013/01/29 07:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security

[2013/01/29 07:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2013/01/29 07:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2013/01/29 07:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

[2013/01/29 07:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant

[2013/01/29 07:50:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Small Business

[2013/01/29 07:50:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2013/01/29 07:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005

[2013/01/29 07:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[2013/01/29 07:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server

[2013/01/29 07:44:53 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2013/01/29 07:44:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2013/01/29 07:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio

[2013/01/29 07:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2013/01/29 07:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2013/01/29 07:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2013/01/29 07:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2013/01/29 07:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2013/01/29 07:42:01 | 000,000,000 | R--D | C] -- C:\MSOCache

[2013/01/29 07:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar

[2013/01/29 07:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer

[2013/01/29 07:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA Games

[2013/01/29 07:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent

[2013/01/29 07:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2013/01/29 07:27:57 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_32.dll

[2013/01/29 07:27:57 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_32.dll

[2013/01/29 07:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2013/01/29 07:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft

[2013/01/29 07:27:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2013/01/29 07:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive

[2013/01/29 07:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

[2013/01/29 07:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live

[2013/01/29 07:26:24 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH

[2013/01/29 07:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live

[2013/01/29 07:24:39 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Macromed

[2013/01/29 07:23:07 | 000,014,112 | ---- | C] (InterVideo) -- C:\windows\SysNative\drivers\regi.sys

[2013/01/29 07:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel

[2013/01/29 07:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InterVideo

[2013/01/29 07:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis

[2013/01/29 07:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel

[2013/01/29 07:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel

[2013/01/29 07:22:41 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll

[2013/01/29 07:21:53 | 000,140,632 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\TODDSrv.exe

[2013/01/29 07:19:15 | 000,035,008 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\drivers\PGEffect.sys

[2013/01/29 07:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba

[2013/01/29 07:16:17 | 003,891,200 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\bcmihvsrv64.dll

[2013/01/29 07:16:17 | 003,555,840 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\bcmihvui64.dll

[2013/01/29 07:16:17 | 000,095,472 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\bcmwlcoi.dll

[2013/01/29 07:16:16 | 003,058,168 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\BCMWL664.SYS

[2013/01/29 07:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom

[2013/01/29 07:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT

[2013/01/29 07:13:06 | 007,367,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RTSUSTORicon.dll

[2013/01/29 07:13:03 | 000,232,992 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\drivers\RtsUStor.sys

[2013/01/29 07:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics

[2013/01/29 07:12:20 | 000,049,664 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\windows\SysNative\HWS_Ctrl.dll

[2013/01/29 07:12:20 | 000,008,192 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\windows\SysNative\TSBWLS.dll

[2013/01/29 07:11:51 | 000,189,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RTInstaller64.exe

[2013/01/29 07:11:03 | 000,325,152 | ---- | C] (Realtek ) -- C:\windows\SysNative\drivers\Rt64win7.sys

[2013/01/29 07:11:03 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\windows\SysNative\RTNUninst64.dll

[2013/01/29 07:08:26 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\SysWow64\TSCI.dll

[2013/01/29 07:08:26 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\SysWow64\THCI.dll

[2013/01/29 07:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\xp

[2013/01/29 07:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\win7_64

[2013/01/29 07:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\win7_32

[2013/01/29 07:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\vista64

[2013/01/29 07:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\vista32

[2013/01/29 07:07:47 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Microsoft.VC80.MFC

[2013/01/29 07:07:47 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Microsoft.VC80.MFC

[2013/01/29 07:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA

[2013/01/29 07:07:30 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations

[2013/01/29 07:05:44 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\RTCOM

[2013/01/29 07:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2013/01/29 07:05:35 | 001,638,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtkHDM64.dll

[2013/01/29 07:05:35 | 000,213,280 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\drivers\RtHDMIVX.sys

[2013/01/29 07:05:34 | 001,691,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RHDMEx64.dll

[2013/01/29 07:05:34 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RH3DHT64.dll

[2013/01/29 07:05:34 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RH3DAA64.dll

[2013/01/29 07:05:34 | 000,064,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RHCoInst64.dll

[2013/01/29 07:05:33 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\WavesGUILib.dll

[2013/01/29 07:05:33 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioEQ.dll

[2013/01/29 07:05:33 | 001,929,760 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtPgEx64.dll

[2013/01/29 07:05:33 | 001,660,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtkAPO64.dll

[2013/01/29 07:05:33 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RTCOM64.dll

[2013/01/29 07:05:33 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RTSnMg64.cpl

[2013/01/29 07:05:33 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSTSX64.dll

[2013/01/29 07:05:33 | 000,477,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtkApi64.dll

[2013/01/29 07:05:33 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEP64A.dll

[2013/01/29 07:05:33 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtlCPAPI64.dll

[2013/01/29 07:05:33 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPO20.dll

[2013/01/29 07:05:33 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RP3DHT64.dll

[2013/01/29 07:05:33 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RP3DAA64.dll

[2013/01/29 07:05:33 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSTSH64.dll

[2013/01/29 07:05:33 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEED64A.dll

[2013/01/29 07:05:33 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSHP64.dll

[2013/01/29 07:05:33 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSWOW64.dll

[2013/01/29 07:05:33 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtkCfg64.dll

[2013/01/29 07:05:33 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEL64A.dll

[2013/01/29 07:05:33 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEG64A.dll

[2013/01/29 07:05:33 | 000,069,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RCoInst64.dll

[2013/01/29 07:05:32 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\RtlExUpd.dll

[2013/01/29 07:05:32 | 000,338,848 | ---- | C] (Fortemedia Corporation) -- C:\windows\SysNative\FMAPO64.dll

[2013/01/29 07:05:32 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\SysNative\AERTAC64.dll

[2013/01/29 07:05:32 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\SysNative\AERTAR64.dll

[2013/01/29 07:05:32 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2013/01/29 07:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2013/01/29 07:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2013/01/29 07:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2013/01/29 07:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2013/01/29 07:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies

[2013/01/29 07:01:43 | 018,798,592 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\atio6axx.dll

[2013/01/29 07:01:43 | 014,226,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysWow64\atioglxx.dll

[2013/01/29 07:01:43 | 006,403,072 | ---- | C] (ATI Technologies Inc.) -- C:\windows\SysNative\drivers\atipmdag.sys

[2013/01/29 07:01:43 | 006,403,072 | ---- | C] (ATI Technologies Inc.) -- C:\windows\SysNative\drivers\atikmdag.sys

[2013/01/29 07:01:43 | 004,801,536 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\SysNative\atiumd64.dll

[2013/01/29 07:01:43 | 004,781,568 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysNative\aticaldd64.dll

[2013/01/29 07:01:43 | 003,800,064 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\SysNative\atidxx64.dll

[2013/01/29 07:01:43 | 003,703,808 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\SysWow64\atiumdag.dll

[2013/01/29 07:01:43 | 003,657,728 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysWow64\aticaldd.dll

[2013/01/29 07:01:43 | 003,131,392 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\SysWow64\atidxx32.dll

[2013/01/29 07:01:43 | 002,993,152 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atiumdva.dll

[2013/01/29 07:01:43 | 002,716,160 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atiumd6a.dll

[2013/01/29 07:01:43 | 000,497,152 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\SysNative\aticfx64.dll

[2013/01/29 07:01:43 | 000,450,560 | ---- | C] (AMD) -- C:\windows\SysNative\atieclxx.exe

[2013/01/29 07:01:43 | 000,446,464 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\SysWow64\aticfx32.dll

[2013/01/29 07:01:43 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\ATIDEMGX.dll

[2013/01/29 07:01:43 | 000,420,864 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\SysNative\atipdl64.dll

[2013/01/29 07:01:43 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\SysWow64\atipdlxx.dll

[2013/01/29 07:01:43 | 000,330,752 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\atiadlxx.dll

[2013/01/29 07:01:43 | 000,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\SysWow64\Oemdspif.dll

[2013/01/29 07:01:43 | 000,237,568 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysWow64\atiadlxy.dll

[2013/01/29 07:01:43 | 000,202,752 | ---- | C] (AMD) -- C:\windows\SysNative\atiesrxx.exe

[2013/01/29 07:01:43 | 000,188,928 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\drivers\atikmpag.sys

[2013/01/29 07:01:43 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\atiapfxx.exe

[2013/01/29 07:01:43 | 000,120,320 | ---- | C] (AMD) -- C:\windows\SysNative\atitmm64.dll

[2013/01/29 07:01:43 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\atibtmon.exe

[2013/01/29 07:01:43 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\SysNative\atiedu64.dll

[2013/01/29 07:01:43 | 000,055,296 | ---- | C] (AMD) -- C:\windows\SysNative\coinst.dll

[2013/01/29 07:01:43 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\windows\SysNative\drivers\ati2erec.dll

[2013/01/29 07:01:43 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atimpc64.dll

[2013/01/29 07:01:43 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\amdpcom64.dll

[2013/01/29 07:01:43 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysWow64\aticalrt.dll

[2013/01/29 07:01:43 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysWow64\aticalcl.dll

[2013/01/29 07:01:43 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atimpc32.dll

[2013/01/29 07:01:43 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\amdpcom32.dll

[2013/01/29 07:01:43 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\SysWow64\ati2edxx.dll

[2013/01/29 07:01:43 | 000,043,008 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysNative\aticalrt64.dll

[2013/01/29 07:01:43 | 000,039,936 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysNative\aticalcl64.dll

[2013/01/29 07:01:43 | 000,036,352 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atiuxp64.dll

[2013/01/29 07:01:43 | 000,028,160 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atiu9p64.dll

[2013/01/29 07:01:43 | 000,027,648 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atiuxpag.dll

[2013/01/29 07:01:43 | 000,020,480 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atiu9pag.dll

[2013/01/29 07:01:43 | 000,016,896 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atig6txx.dll

[2013/01/29 07:01:43 | 000,015,360 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atigktxx.dll

[2013/01/29 07:01:43 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atig6pxx.dll

[2013/01/29 07:01:43 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atiglpxx.dll

[2013/01/29 07:01:43 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atiglpxx.dll

[2013/01/29 07:01:43 | 000,012,288 | ---- | C] (AMD) -- C:\windows\SysNative\atimuixx.dll

[2013/01/29 06:59:26 | 000,000,000 | ---D | C] -- C:\Intel

[2013/01/29 06:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent

[2013/01/29 06:58:37 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\HECIx64.sys

[2013/01/29 06:56:41 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution

[2013/01/29 06:56:19 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\windows\SysWow64\CSVer.dll

[2013/01/29 06:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel


[2013/01/29 06:55:34 | 000,000,000 | ---D | C] -- C:\TOSHIBA

[2013/01/28 15:38:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pete\Desktop\OTL.exe

[2013/01/28 15:28:58 | 000,000,000 | ---D | C] -- C:\windows\temp

[2013/01/28 15:26:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/01/28 15:20:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013/01/28 15:20:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013/01/28 15:20:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013/01/28 15:17:06 | 000,000,000 | ---D | C] -- C:\Users\pete\AppData\Local\TOSHIBA_Corporation

[2013/01/28 15:17:06 | 000,000,000 | ---D | C] -- C:\Users\pete\AppData\Local\Tific

[2013/01/28 15:08:54 | 000,000,000 | ---D | C] -- C:\Users\pete\AppData\Roaming\Tific

[2013/01/28 15:02:44 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/28 15:02:30 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013/01/28 14:57:44 | 000,000,000 | ---D | C] -- C:\Users\pete\AppData\Roaming\Toshiba

[2013/01/28 14:53:29 | 000,000,000 | ---D | C] -- C:\Users\pete\Desktop\clean install virus folder

[2013/01/28 14:50:00 | 000,000,000 | ---D | C] -- C:\Users\pete\Desktop\RK_Quarantine

[2013/01/28 14:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MustBeRandomlyNamedby me

[2013/01/28 14:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE

[2013/01/28 14:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MustBeRandomlyNamed

[2013/01/28 14:44:49 | 005,026,296 | R--- | C] (Swearware) -- C:\Users\pete\Desktop\ComboFix.exe

[2013/01/28 14:43:03 | 000,000,000 | ---D | C] -- C:\Users\pete\AppData\Roaming\ATI

[2013/01/28 14:43:03 | 000,000,000 | ---D | C] -- C:\Users\pete\AppData\Local\ATI

[2013/01/28 14:42:31 | 000,000,000 | ---D | C] -- C:\Users\pete\AppData\Local\Toshiba

[2013/01/28 14:41:26 | 000,000,000 | R--D | C] -- C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2013/01/28 14:41:26 | 000,000,000 | R--D | C] -- C:\Users\pete\Searches

[2013/01/28 14:41:26 | 000,000,000 | R--D | C] -- C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2013/01/28 14:41:26 | 000,000,000 | -H-D | C] -- C:\Users\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2013/01/28 14:41:13 | 000,000,000 | ---D | C] -- C:\Users\pete\AppData\Roaming\Identities

[2013/01/28 14:41:06 | 000,000,000 | R--D | C] -- C:\Users\pete\Contacts

[2013/01/28 14:41:04 | 000,000,000 | ---D | C] -- C:\Users\pete\AppData\Local\VirtualStore

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\AppData\Local\Temporary Internet Files

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\Templates

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\Start Menu

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\SendTo

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\Recent

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\PrintHood

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\NetHood

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\Documents\My Videos

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\Documents\My Pictures

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\Documents\My Music

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\My Documents

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\Local Settings

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\AppData\Local\History

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\Cookies

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\Application Data

[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\AppData\Local\Application Data

[2013/01/28 14:40:11 | 000,000,000 | --SD | C] -- C:\Users\pete\AppData\Roaming\Microsoft

[2013/01/28 14:40:11 | 000,000,000 | R--D | C] -- C:\Users\pete\Videos

[2013/01/28 14:40:11 | 000,000,000 | R--D | C] -- C:\Users\pete\Saved Games

[2013/01/28 14:40:11 | 000,000,000 | R--D | C] -- C:\Users\pete\Pictures

[2013/01/28 14:40:11 | 000,000,000 | R--D | C] -- C:\Users\pete\Music

[2013/01/28 14:40:11 | 000,000,000 | R--D | C] -- C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2013/01/28 14:40:11 | 000,000,000 | R--D | C] -- C:\Users\pete\Links

[2013/01/28 14:40:11 | 000,000,000 | R--D | C] -- C:\Users\pete\Favorites

[2013/01/28 14:40:11 | 000,000,000 | R--D | C] -- C:\Users\pete\Downloads

[2013/01/28 14:40:11 | 000,000,000 | R--D | C] -- C:\Users\pete\Documents

[2013/01/28 14:40:11 | 000,000,000 | R--D | C] -- C:\Users\pete\Desktop

[2013/01/28 14:40:11 | 000,000,000 | R--D | C] -- C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2013/01/28 14:40:11 | 000,000,000 | -H-D | C] -- C:\Users\pete\AppData

[2013/01/28 14:40:11 | 000,000,000 | ---D | C] -- C:\Users\pete\AppData\Local\Temp

[2013/01/28 14:40:11 | 000,000,000 | ---D | C] -- C:\Users\pete\AppData\Local\Microsoft

[2013/01/28 14:40:11 | 000,000,000 | ---D | C] -- C:\Users\pete\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2013/01/29 08:07:07 | 000,039,252 | ---- | M] () -- C:\windows\SysWow64\license.rtf

[2013/01/29 08:07:07 | 000,039,252 | ---- | M] () -- C:\windows\SysNative\license.rtf

[2013/01/29 07:51:35 | 000,001,332 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk

[2013/01/29 07:51:28 | 000,000,945 | ---- | M] () -- C:\windows\SysWow64\mapisvc.inf

[2013/01/29 07:50:31 | 000,796,914 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2013/01/29 07:29:16 | 000,000,000 | ---- | M] () -- C:\windows\NDSTray.INI

[2013/01/29 07:24:50 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\TOSHIBA Media Controller.lnk

[2013/01/29 07:23:43 | 000,000,040 | -H-- | M] () -- C:\windows\SysNative\ivireg.ivr

[2013/01/29 07:16:36 | 000,696,784 | ---- | M] () -- C:\windows\SysNative\oem27.inf

[2013/01/29 07:16:13 | 003,891,200 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\bcmihvsrv64.dll

[2013/01/29 07:16:13 | 003,555,840 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\bcmihvui64.dll

[2013/01/29 07:16:13 | 003,058,168 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\drivers\BCMWL664.SYS

[2013/01/29 07:16:13 | 000,095,472 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\bcmwlcoi.dll

[2013/01/29 07:16:13 | 000,006,656 | ---- | M] () -- C:\windows\SysNative\bcmwlrc.dll

[2013/01/29 07:12:52 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

[2013/01/29 07:04:12 | 000,000,000 | ---- | M] () -- C:\windows\ativpsrm.bin

[2013/01/28 15:41:16 | 000,845,380 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/01/28 15:41:16 | 000,713,058 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/01/28 15:41:16 | 000,142,956 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/01/28 15:36:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/01/28 15:36:27 | 3110,080,512 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/28 15:33:08 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/28 15:33:08 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/28 15:26:11 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2013/01/28 15:18:08 | 000,416,224 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2013/01/28 14:49:31 | 000,035,712 | ---- | M] () -- C:\windows\SysWow64\drivers\KdIxijiP.sys

[2013/01/28 03:32:52 | 000,756,224 | ---- | M] () -- C:\Users\pete\Desktop\RogueKillerX64.exe

[2013/01/25 23:03:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pete\Desktop\OTL.exe

[2013/01/24 11:54:52 | 005,026,296 | R--- | M] (Swearware) -- C:\Users\pete\Desktop\ComboFix.exe

========== Files Created - No Company Name ==========

[2013/01/29 07:53:52 | 000,001,520 | ---- | C] () -- C:\Users\Public\Desktop\UserGuide.lnk

[2013/01/29 07:52:39 | 000,003,374 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\SymEFA.inf

[2013/01/29 07:52:39 | 000,002,793 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\SymDS.inf

[2013/01/29 07:52:39 | 000,001,840 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\ccHPx64.inf

[2013/01/29 07:52:39 | 000,001,473 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\SymNetV.inf

[2013/01/29 07:52:39 | 000,001,445 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\SymNet.inf

[2013/01/29 07:52:39 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.inf

[2013/01/29 07:52:39 | 000,001,421 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\srtspx64.inf

[2013/01/29 07:52:39 | 000,000,772 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\Iron.inf

[2013/01/29 07:52:31 | 000,007,787 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\symnetv64.cat

[2013/01/29 07:52:31 | 000,007,414 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\srtspx64.cat

[2013/01/29 07:52:31 | 000,007,412 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\SymEFA64.cat

[2013/01/29 07:52:31 | 000,007,410 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.cat

[2013/01/29 07:52:31 | 000,007,406 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\SymDS64.cat

[2013/01/29 07:52:31 | 000,007,402 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\iron.cat

[2013/01/29 07:52:31 | 000,007,368 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\symnet64.cat

[2013/01/29 07:52:31 | 000,007,345 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\cchpx64.cat

[2013/01/29 07:52:31 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1105000.07F\isolate.ini

[2013/01/29 07:51:35 | 000,001,332 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk

[2013/01/29 07:48:36 | 000,796,914 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2013/01/29 07:37:32 | 000,001,391 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk

[2013/01/29 07:37:19 | 000,001,349 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk

[2013/01/29 07:29:16 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

[2013/01/29 07:24:50 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\TOSHIBA Media Controller.lnk

[2013/01/29 07:23:07 | 000,000,040 | -H-- | C] () -- C:\windows\SysNative\ivireg.ivr

[2013/01/29 07:22:09 | 000,002,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Media Creator Help.lnk

[2013/01/29 07:22:09 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Recovery Media Creator.lnk

[2013/01/29 07:17:02 | 000,696,784 | ---- | C] () -- C:\windows\SysNative\oem27.inf

[2013/01/29 07:16:17 | 000,006,656 | ---- | C] () -- C:\windows\SysNative\bcmwlrc.dll

[2013/01/29 07:12:52 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

[2013/01/29 07:11:03 | 000,074,272 | ---- | C] () -- C:\windows\SysNative\RtNicProp64.dll

[2013/01/29 07:04:12 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2013/01/29 07:01:43 | 000,511,072 | ---- | C] () -- C:\windows\SysWow64\atiumdva.cap

[2013/01/29 07:01:43 | 000,511,072 | ---- | C] () -- C:\windows\SysNative\atiumd6a.cap

[2013/01/29 07:01:43 | 000,332,288 | ---- | C] () -- C:\windows\SysNative\ATIODE.exe

[2013/01/29 07:01:43 | 000,201,875 | ---- | C] () -- C:\windows\SysNative\atiicdxx.dat

[2013/01/29 07:01:43 | 000,051,200 | ---- | C] () -- C:\windows\SysNative\ATIODCLI.exe

[2013/01/29 07:01:43 | 000,033,624 | ---- | C] () -- C:\windows\SysNative\atiapfxx.blb

[2013/01/29 07:01:43 | 000,020,692 | ---- | C] () -- C:\windows\atiogl.xml

[2013/01/29 07:01:43 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

[2013/01/29 07:01:43 | 000,001,105 | ---- | C] () -- C:\windows\SysNative\atipblag.dat

[2013/01/29 06:51:00 | 3110,080,512 | -HS- | C] () -- C:\hiberfil.sys

[2013/01/28 15:20:02 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013/01/28 15:20:02 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013/01/28 15:20:02 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013/01/28 15:20:02 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013/01/28 15:20:02 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2013/01/28 14:49:06 | 000,035,712 | ---- | C] () -- C:\windows\SysWow64\drivers\KdIxijiP.sys

[2013/01/28 14:44:00 | 000,756,224 | ---- | C] () -- C:\Users\pete\Desktop\RogueKillerX64.exe

[2013/01/28 14:41:35 | 000,001,424 | ---- | C] () -- C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2013/01/28 14:41:28 | 000,001,458 | ---- | C] () -- C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2013/01/28 14:40:11 | 000,000,290 | ---- | C] () -- C:\Users\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2013/01/28 14:40:11 | 000,000,272 | ---- | C] () -- C:\Users\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2009/07/14 15:25:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 12:11:54 | 014,161,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 11:46:14 | 012,866,560 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 11:45:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

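The listing above is raw OTL output, and the helpers on this thread read it by eye. As an added example that is not part of the thread and not OTL's own code, here is a small Python parser for that line format with a first-pass triage over the result. The sample lines are in the log's format: a few are copied from the listing above, the `abcdEFGh.sys` driver name is invented, and the `KNOWN_NO_COMPANY` allowlist is an assumption of this example. The flags it raises are leads for a human to check (for example the service ImagePath that references the file), not a verdict.

```python
import re
from collections import Counter

# One OTL file line looks like
# [2013/01/29 07:16:16 | 003,058,168 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\BCMWL664.SYS
# The four attribute letters are R(ead-only) H(idden) S(ystem) D(irectory), the
# event letter is C(reated) or M(odified), and the parenthesised text is the
# CompanyName OTL read from the file. Directory lines carry no "(company)" field.
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<event>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumption of this example: data files that legitimately use a .sys
# extension and have no company name, so they should not be flagged.
KNOWN_NO_COMPANY = {"hiberfil.sys", "pagefile.sys"}


def parse_otl_line(line):
    """Parse one OTL file/directory line; return None for headers and blanks."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "stamp": d["stamp"],
        "size": int(d["size"].replace(",", "")),
        "readonly": d["attrs"][0] == "R",
        "hidden": d["attrs"][1] == "H",
        "system": d["attrs"][2] == "S",
        "is_dir": d["attrs"][3] == "D",
        "event": "created" if d["event"] == "C" else "modified",
        "company": (d["company"] or "").strip(),
        "path": d["path"],
    }


def parse_otl(text):
    """Parse a whole OTL section, skipping anything that is not a file line."""
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


def triage(entries):
    """Return (entry, reasons) pairs that deserve a second look."""
    leads = []
    for e in entries:
        if e["is_dir"]:
            continue
        low = e["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        reasons = []
        # Executables and drivers normally carry a CompanyName; a blank one is
        # worth checking (packed tools and malware often omit it).
        if (name.endswith((".sys", ".exe", ".dll")) and not e["company"]
                and name not in KNOWN_NO_COMPANY):
            reasons.append("executable with no company name")
        # A driver under SysWow64\drivers usually means a 32-bit process wrote
        # to system32\drivers and WoW64 redirected it; check the ImagePath of
        # whatever service references it.
        if name.endswith(".sys") and "\\syswow64\\drivers\\" in low:
            reasons.append("driver under SysWow64\\drivers (WoW64 redirection)")
        if reasons:
            leads.append((e, reasons))
    return leads


def by_company(entries):
    """Count files per CompanyName so unnamed files stand out from vendor bulk."""
    return Counter(e["company"] or "(none)" for e in entries if not e["is_dir"])


# Sample input in OTL's format: partly copied from the listing above, the
# abcdEFGh.sys line is invented for this example.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2013/01/29 07:16:16 | 003,058,168 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\BCMWL664.SYS
[2013/01/28 15:20:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/01/28 14:49:06 | 000,035,712 | ---- | C] () -- C:\windows\SysWow64\drivers\abcdEFGh.sys
[2013/01/28 14:40:12 | 000,000,000 | -HSD | C] -- C:\Users\pete\Cookies
[2013/01/28 15:36:27 | 3110,080,512 | -HS- | M] () -- C:\hiberfil.sys
"""

if __name__ == "__main__":
    entries = parse_otl(SAMPLE_LOG)
    print("files per company:", dict(by_company(entries)))
    for e, reasons in triage(entries):
        print(f"{e['stamp']} {e['path']}: {'; '.join(reasons)}")
```

Paste a whole "Files Created" section into `SAMPLE_LOG` (or read it from the saved OTL.txt) and the triage list is the handful of lines to look at first; everything with a vendor name and a normal location drops out of the way.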

You don't happen to know any very, very strong disk tools that I could use to remove the small partitions I have found on my hard drive? I have a one-meg one at the beginning of the drive and a 1.3-meg one at the end of the drive, neither of which can be deleted or merged into the other disk space. I have tried Darik's disk nuker and GParted as well as SeaTools. I have also joined Malware Removal, as I guess I like helping people too, and will take on trying to learn enough to graduate from their university in the hope that I can help people with their malware problems as well. :) One day in the future... :0 :)


Hey pgpav2003,

OK let's see what we can find.

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click Change parameters.
  • Make sure you check the box Loaded modules.
  • A window will popup and say Reboot is required. Please click Reboot now.
  • Then click Change parameters again. Check the box Detect TDLFS file system.
  • Click on the Start Scan button.
  • If an infected file is detected, the default action will be Cure. Instead, choose Skip, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
  • Once the tool has finished, please click Report. Please copy and paste the contents of that log in your reply.
    Note: A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).


Howdy pgpav2003,

Time to start using some more advanced tools.

  • Please download ListParts to your Desktop.
  • Double click ListParts.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post the contents of the log in your reply.

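ListParts prints the partition layout; the question earlier in the thread is about small regions at the start and end of the drive that no tool will delete or merge. As an added example, not part of the thread and not ListParts' code, here is a Python parser for a raw MBR partition table that reports each entry, the unpartitioned sectors between and around the entries, and basic consistency problems (overlaps, more than one active entry, an entry running past the end of the disk). The disk geometry and the two partitions in `SAMPLE_MBR` are constructed for the example; an installer that starts the first partition at LBA 2048 leaves 2047 sectors, just under 1 MiB, unpartitioned in front of it, which is the normal alignment gap rather than a partition.

```python
import struct

SECTOR_SIZE = 512
MBR_SIGNATURE = b"\x55\xaa"
PARTITION_TABLE_OFFSET = 446   # 440 bytes boot code + 4-byte disk signature + 2 reserved
ENTRY_FORMAT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(entries, disk_signature=0x1234ABCD):
    """Assemble a constructed MBR sector. Boot code is zeroed and the CHS
    fields hold the 0xFE 0xFF 0xFF placeholder modern installers write."""
    assert len(entries) <= 4
    table = b""
    for e in entries:
        status = 0x80 if e["active"] else 0x00
        table += struct.pack(ENTRY_FORMAT, status, b"\xfe\xff\xff", e["type"],
                             b"\xfe\xff\xff", e["lba_start"], e["sectors"])
    table += b"\x00" * (16 * (4 - len(entries)))
    sector = b"\x00" * 440 + struct.pack("<IH", disk_signature, 0) + table + MBR_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


def parse_mbr(sector0):
    """Return the non-empty partition entries of an MBR sector."""
    if len(sector0) < SECTOR_SIZE or sector0[510:512] != MBR_SIGNATURE:
        raise ValueError("no 0x55AA boot signature: not an MBR")
    parts = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack(ENTRY_FORMAT, sector0[off:off + 16])
        if ptype == 0 and sectors == 0:
            continue   # empty slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors,
                      "lba_end": lba_start + sectors - 1})
    return parts


def find_gaps(parts, disk_sectors):
    """Return unpartitioned regions as (first_lba, sector_count) tuples.
    Sector 0 holds the MBR itself, so accounting starts at LBA 1."""
    gaps = []
    cursor = 1
    for p in sorted(parts, key=lambda p: p["lba_start"]):
        if p["lba_start"] > cursor:
            gaps.append((cursor, p["lba_start"] - cursor))
        cursor = max(cursor, p["lba_end"] + 1)
    if disk_sectors > cursor:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps


def sanity_problems(parts, disk_sectors):
    """Inconsistencies a healthy table should not show."""
    problems = []
    if sum(1 for p in parts if p["active"]) > 1:
        problems.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] <= a["lba_end"]:
            problems.append(f"entries {a['index']} and {b['index']} overlap")
    for p in parts:
        if p["lba_end"] >= disk_sectors:
            problems.append(f"entry {p['index']} extends past the end of the disk")
    return problems


def mib(sectors):
    return sectors * SECTOR_SIZE / (1024 * 1024)


# Constructed sample: a 500 GB disk with a 1 MiB alignment gap, a small boot
# partition, the OS partition, and a sliver left unpartitioned at the end.
SAMPLE_DISK_SECTORS = 976_773_168
SAMPLE_MBR = build_mbr([
    {"active": True,  "type": 0x27, "lba_start": 2_048,     "sectors": 3_072_000},
    {"active": False, "type": 0x07, "lba_start": 3_074_048, "sectors": 973_696_000},
])

if __name__ == "__main__":
    parts = parse_mbr(SAMPLE_MBR)
    for p in parts:
        print(f"entry {p['index']}: type 0x{p['type']:02x} active={p['active']} "
              f"LBA {p['lba_start']}-{p['lba_end']} ({mib(p['sectors']):.0f} MiB)")
    for start, length in find_gaps(parts, SAMPLE_DISK_SECTORS):
        print(f"unpartitioned: LBA {start}, {length} sectors ({mib(length):.2f} MiB)")
    for msg in sanity_problems(parts, SAMPLE_DISK_SECTORS):
        print("problem:", msg)
```

To run it against a real disk, replace `SAMPLE_MBR` with the first 512 bytes read from the physical drive and `SAMPLE_DISK_SECTORS` with its sector count; the gap list then tells you exactly which LBA ranges a partition tool would be working on, and those ranges are also where to go reading raw sectors when a rootkit scanner reports something living outside the partitions.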
