I can't update MBAM, I think I have a virus


Well, I tried to post in Bleeping Computer but I couldn't get this topic box, so I'm relieved that I'm able to do so here. Well, first I noticed a couple of days ago that my searches on Google weren't going where I wanted them to go; they were being sent to other websites, so I researched and found out it might be malware.

I did a few things: I ran MBAM in safe mode (after turning off CD emulation with DeFogger and backing up my stuff). Whenever I tried to update I'd get the 12007 0 winhttpsendrequest, indicating I was unable to receive the update.

MBAM did find cookies and such, but if I go into Internet Explorer the problem is still there.

I tried to run GMER and it only allowed 3 boxes to be scanned on the menu... so I know something is up with that.

Further to my suspicions, I looked up this error code on your forums. I found the exact issue, I tried to click on it and bang, it said Mozilla Firefox is offline, try again. Which it wasn't, because I clicked on another topic in the same forum and it worked.

OK, I haven't run HijackThis yet, but here are my DDS logs:

DDS (Ver_10-03-17.01) - NTFSX64

Run by MOjet1 at 18:28:56.13 on Sun 07/18/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.942 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\Users\MOjet1\Downloads\dds.scr

C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mLocal Page = c:\windows\syswow64\blank.htm

uInternet Settings,ProxyServer = 127.0.0.1:8118

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton security suite\engine\4.2.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton security suite\engine\4.2.0.12\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files (x86)\search toolbar\tbcore3.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton security suite\engine\4.2.0.12\coIEPlg.dll

TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files (x86)\search toolbar\tbcore3.dll

uRun: [Vidalia] "c:\program files (x86)\vidalia bundle\vidalia\vidalia.exe"

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRunOnce: [uniblueDriverScanner] c:\program files (x86)\uniblue\driverscanner\Launcher.exe delay

mRun: [ToshibaServiceStation] "c:\program files (x86)\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [<NO NAME>]

mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~2\mif5ba~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\mif5ba~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File

mRun-x64: [(Default)]

mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun-x64: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

mRun-x64: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun-x64: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\mojet1\appdata\roaming\mozilla\firefox\profiles\4t6796v2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2399412&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2399412&q=

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\users\mojet1\appdata\roaming\mozilla\firefox\profiles\4t6796v2.default\extensions\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}\components\FFExternalAlert.dll

FF - component: c:\users\mojet1\appdata\roaming\mozilla\firefox\profiles\4t6796v2.default\extensions\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}\components\RadioWMPCore.dll

FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\mojet1\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: google.toolbar.linkdoctor.enabled - false

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-3-14 55280]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360x64\0402000.00c\symds64.sys [2010-6-1 433200]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0402000.00c\symefa64.sys [2010-6-1 221232]

R0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\drivers\tos_sps64.sys [2010-3-14 482384]

R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100709.001\BHDrvx64.sys [2010-7-12 942640]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0402000.00c\cchpx64.sys [2010-6-1 615040]

R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100716.001\IDSviA64.sys [2010-7-16 463408]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360x64\0402000.00c\ironx64.sys [2010-6-1 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360x64\0402000.00c\symtdiv.sys [2010-6-1 451120]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-14 203264]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\toshiba\configfree\CFIWmxSvcs64.exe [2009-8-10 248688]

R2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\toshiba\configfree\CFProcSRVC.exe [2009-7-14 42368]

R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]

R2 N360;Norton Security Suite;c:\program files (x86)\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-6-1 126392]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 252272]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 14472]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-3 132656]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-3-14 9216]

R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-3-14 35008]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-11-5 291328]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1103904]

R3 TMachInfo;TMachInfo;c:\program files (x86)\toshiba\toshiba service station\TMachInfo.exe [2010-3-14 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 137560]

R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-4 826224]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-4-10 135664]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-4-9 19544]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-3-14 222208]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-16 1255736]

=============== Created Last 30 ================

2010-07-18 22:12:38 0 ----a-w- c:\users\mojet1\defogger_reenable

2010-07-18 22:00:16 423656 ----a-w- c:\windows\syswow64\deployJava1.dll

2010-07-18 22:00:16 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-07-18 22:00:16 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-07-18 22:00:16 145184 ----a-w- c:\windows\syswow64\java.exe

2010-07-18 21:56:57 0 d-----w- c:\programdata\Uniblue

2010-07-18 21:56:35 0 d-----w- c:\users\mojet1\appdata\roaming\Uniblue

2010-07-18 21:56:17 0 d-----w- c:\program files (x86)\Uniblue

2010-07-18 11:53:45 0 d-----w- c:\users\mojet1\appdata\roaming\Malwarebytes

2010-07-18 11:53:20 0 d-----w- c:\programdata\Malwarebytes

2010-07-18 11:53:18 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-18 08:21:02 0 d-----w- c:\users\mojet1\appdata\roaming\SUPERAntiSpyware.com

2010-07-18 08:21:02 0 d-----w- c:\programdata\SUPERAntiSpyware.com

2010-07-18 08:20:51 0 d-----w- c:\programdata\!SASCORE

2010-07-18 08:20:47 0 d-----w- c:\program files\SUPERAntiSpyware

2010-07-18 06:48:45 0 d-----w- c:\users\mojet1\DoctorWeb

2010-07-17 19:58:25 0 d-----w- c:\windows\pss

2010-07-17 16:24:27 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-07-17 16:24:27 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy

2010-07-17 15:53:03 0 d-----w- c:\programdata\FrontLine Registry Cleaner

2010-07-17 15:52:54 0 d-----w- c:\program files (x86)\Frontline Registry Cleaner

2010-07-15 17:10:24 0 d-----w- c:\program files (x86)\CCleaner

2010-07-14 19:25:31 144384 ----a-w- c:\windows\system32\cdd.dll

2010-06-28 09:58:57 23 ----a-w- c:\program files (x86)\hfkud16.sys

2010-06-28 09:58:22 0 d-----w- c:\program files (x86)\TVPlayerUniversal

2010-06-27 17:02:38 0 d-----w- c:\programdata\McAfee

2010-06-23 07:01:34 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll

2010-06-23 07:01:33 49472 ----a-w- c:\windows\syswow64\netfxperf.dll

2010-06-23 07:01:33 48960 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-23 07:01:33 444752 ----a-w- c:\windows\system32\mscoree.dll

2010-06-23 07:01:33 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-23 07:01:33 297808 ----a-w- c:\windows\syswow64\mscoree.dll

2010-06-23 07:01:33 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe

2010-06-23 07:01:33 1942856 ----a-w- c:\windows\system32\dfshim.dll

2010-06-23 07:01:33 1130824 ----a-w- c:\windows\syswow64\dfshim.dll

2010-06-23 07:01:33 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-22 19:24:07 1736608 ----a-w- c:\windows\system32\ntdll.dll

2010-06-22 19:24:07 1289528 ----a-w- c:\windows\syswow64\ntdll.dll

2010-06-22 19:23:33 961024 ----a-w- c:\windows\system32\CPFilters.dll

2010-06-22 19:23:30 641536 ----a-w- c:\windows\syswow64\CPFilters.dll

2010-06-22 19:23:29 552960 ----a-w- c:\windows\system32\msdri.dll

2010-06-22 19:23:29 258560 ----a-w- c:\windows\system32\mpg2splt.ax

2010-06-22 19:23:29 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax

2010-06-22 19:23:28 288256 ----a-w- c:\windows\system32\MSNP.ax

2010-06-22 19:23:28 204288 ----a-w- c:\windows\syswow64\MSNP.ax

2010-06-19 07:09:59 0 d-----w- c:\programdata\Adobe Systems

2010-06-19 06:51:33 0 d-----w- c:\program files (x86)\common files\Adobe Systems Shared

2010-06-19 06:13:44 0 d-----w- c:\users\mojet1\wedding

==================== Find3M ====================

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys

2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-04-11 04:58:55 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2010-04-09 23:56:06 13 --sh--r- c:\windows\system32\drivers\fbd.sys

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:30:21.49 ===============

And my MBAM logs:

Malwarebytes' Anti-Malware 1.46

DB: 4052

IE: Internet Explorer 8.0.7600.16385

OS: Windows 6.1.7600

EX: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam

DB: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

U: MOjet1

W: C:\windows

S: C:\windows\system32

RD: C:

PF: C:\Program Files

PF: C:\Program Files (x86)

CF: C:\Program Files (x86)\Common Files

CF: C:\Program Files\Common Files

DAS: C:\Users

D: C:\Users\Default\Desktop

D: C:\Users\MOjet1\Desktop

D: C:\Users\Public\Desktop

D: C:\Windows\ServiceProfiles\LocalService\Desktop

D: C:\Windows\ServiceProfiles\NetworkService\Desktop

SM: C:\ProgramData\Microsoft\Windows\Start Menu

SM: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

SM: C:\Users\MOjet1\AppData\Roaming\Microsoft\Windows\Start Menu

SM: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu

SM: C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu

UR: C:\Users\Default

UR: C:\Users\MOjet1

UR: C:\Users\Public

UR: C:\Windows\ServiceProfiles\LocalService

UR: C:\Windows\ServiceProfiles\NetworkService

UR: C:\windows\system32\config\systemprofile

F: C:\Users\Default\Favorites

F: C:\Users\MOjet1\Favorites

F: C:\Users\Public\Favorites

F: C:\Windows\ServiceProfiles\LocalService\Favorites

F: C:\Windows\ServiceProfiles\NetworkService\Favorites

AD: C:\ProgramData

AD: C:\Users\MOjet1\AppData\Roaming

AD: C:\Users\Default\AppData\Roaming

AD: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming

AD: C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming

AD: C:\windows\system32\config\systemprofile\AppData\Roaming

QL: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

QL: C:\Users\MOjet1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

QL: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

QL: C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

TF: C:\Users\Default\AppData\Local\Temp

TF: C:\Users\MOjet1\AppData\Local\Temp

TF: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp

TF: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp

TF: C:\windows\Temp

I know there is a lot I have forgotten, so please let me know what I need to do next. I really appreciate all that you can do for me. Thank you.

P: C:\ProgramData\Microsoft\Windows\Start Menu\Programs

P: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

P: C:\Users\MOjet1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

P: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

P: C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

S: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

S: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

S: C:\Users\MOjet1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

D: C:\Users\Default\Documents

D: C:\Users\MOjet1\Documents

D: C:\Users\Public\Documents

D: C:\Windows\ServiceProfiles\LocalService\Documents

D: C:\Windows\ServiceProfiles\NetworkService\Documents

dds_2.txt

  • 3 weeks later...
Hello and welcome to Malwarebytes.

My apologies for the extended delay; do you still need help?

No problem at all, I really do need help. Currently I have posted in two forums, yours and Bleeping Computer, and I was just waiting for a reply. As for MBAM not updating, I had to change the name of the file to confuse whatever it is on my computer to update, and now it updates. But I don't think it finds what's hiding on my computer. When I search on Google it doesn't redirect it, because of the add-on that I put on Mozilla, but Yahoo searches still get redirected and the odd Google search still gets redirected to some crap listing site. So here is what I have done thus far: ran GMER.. only three of the boxes under toolkit show up, with an error message that says, can't use window, system32, config/system file in use, then it scans with another popup of the same message with the same results; apparently my comp is clean. I changed my router password from its default one last Saturday and now it works quickly, whereas before it was slowing down. I have run MBAM several times; it always finds a tracking cookie or two or thirty. I have and do run SUPERAntiSpyware regularly; at first it found some stuff, but it was mostly only cookies, one trojan.. I have run rootkit, it finds nothing; I have done this in safe mode and normal mode. But I know something is there, can you help? Here are (attached) my DDS logs, my OTL logs, my MBR logs and my MBAM logs.

Done!

I haven't run HijackThis as yet, simply because I'm not sure what to do with it all, nor have I touched ComboFix.. Let me know what would be the best solution. All the above tests were run with my machine defogged..

Thanks for your help..

DDS_1.txt

Attach_aug_2010.txt

MBRCheck_08.04.10_02.43.47.txt

OTL.Txt

mbam_log_2010_07_18__07_59_07_.txt

avgrep.txt


  • Staff

Hi,

In the future please post all logs directly into your reply instead of attaching them.

With that said, please update MBAM, run a Quick Scan, and post its log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

-screen317


Hi, OK, I will do that. I tried to post the logs instead of attaching them but it said it was too big. OK, will get back to you soon.

I have run ESET Online Scanner several times; it finds nothing, but I will do so again and post the logs here.

Thanks


my mbam log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4375

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

8/6/2010 12:59:08

mbam-log-2010-08-06 (12-59-08).txt

Scan type: Quick scan

Objects scanned: 132063

Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

my eset scanner log:

C:\Program Files (x86)\Mozilla Firefox\SmitfraudFix\Process.exe Win32/PrcView application cleaned by deleting - quarantined

C:\Program Files (x86)\Mozilla Firefox\SmitfraudFix\restart.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined

C:\Users\MOjet1\Downloads\SmitfraudFix.exe multiple threats deleted - quarantined

C:\Users\MOjet1\Downloads\SmitfraudFix\Process.exe Win32/PrcView application cleaned by deleting - quarantined

C:\Users\MOjet1\Downloads\SmitfraudFix\restart.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined

C:\Windows\System32\Process.exe Win32/PrcView application cleaned by deleting - quarantined

It found threats and fixed 'em, but Yahoo searches are still being redirected; now some pages aren't opening at all even if I copy and paste the URL.


  • Staff

It is likely that your router is infected.

Please restore it to factory default settings (by accessing 192.168.0.1 or 192.168.1.1 or whatever your manufacturer specifies).

Next, change the default password!

Next, on your computer, navigate to Start --> Run, and enter cmd.exe; press Enter.

In the black box that appears, enter ipconfig /flushdns

Press Enter.

Close cmd.exe, restart your computer, and let me know if the issue persists.

-screen317


Yes it does. I did all these steps two weeks ago, and I did them again this morning; Yahoo searches are still being hijacked and certain Google searches are too. It helped initially when I first did it a few weeks ago, but I am still having reports from MBAM that a malicious site is trying to access my comp; also certain webpages get blocked.


  • Staff

Hi,

Where are Yahoo searches getting hijacked to?

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.
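
When the OTL.txt from this scan comes back, the lines that decide where browser traffic is sent are a good first read. The Python below is an added example, not part of the original post and not OldTimer's code; the `triage` function, its category names and the sample lines are assumptions, with the sample constructed in the line format OTL prints in this thread (the 203.0.113.10 hosts entry is invented).

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample in OTL's line format (modelled on the log in this thread;
# the 203.0.113.10 hosts entry and the shortened PAC path are invented).
SAMPLE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Users/user/AppData/Local/example/SwitchyAuto.pac
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2399412&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&p="
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 203.0.113.10 search.example.com
O1 - Hosts: 14241 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
DRV - [2010/08/04 02:30:31 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
'''

IE_SETTING = re.compile(r'^IE(?::64bit:)? - .*Internet Settings: "(\w+)" = (.*)$')
FF_PREF = re.compile(r'^FF - prefs\.js\.\.([\w.\-]+): "?(.*?)"?$')
HOSTS = re.compile(r'^O1 - Hosts: (\S+)\s+(\S+)$')
ORPHAN = re.compile(
    r'^O[23](?::64bit:)? - .*?(\{[0-9A-Fa-f\-]{36}\}) - No CLSID value found\.')
DRV = re.compile(
    r'^DRV(?::64bit:)? - \[[^\]]*\] \(([^)]*)\) \[([^\]]*)\] -- (.*?) -- \((.*)\)')

# Firefox preferences that send a search or address-bar query to a URL.
URL_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}


def triage(log_text):
    """Return (category, detail) pairs for lines that affect browser routing."""
    findings = []
    settings = {}
    for line in log_text.splitlines():
        line = line.strip()
        if m := IE_SETTING.match(line):
            settings[m.group(1)] = m.group(2).strip()
        elif m := FF_PREF.match(line):
            name, value = m.groups()
            if name in URL_PREFS:
                host = urlparse(value).hostname or value
                findings.append(("firefox-url", f"{name} -> {host}"))
        elif m := HOSTS.match(line):
            try:
                addr = ipaddress.ip_address(m.group(1))
            except ValueError:
                continue  # summary lines such as "14241 more lines..."
            # Loopback / 0.0.0.0 entries block a name; any other address repoints it.
            if not (addr.is_loopback or addr.is_unspecified):
                findings.append(("hosts-redirect", f"{m.group(2)} -> {addr}"))
        elif m := ORPHAN.match(line):
            # Browser add-on registration whose class is no longer registered.
            findings.append(("orphaned-clsid", m.group(1)))
        elif m := DRV.match(line):
            company, _state, path, name = m.groups()
            if not company.strip():
                # No company name in the file's version info: identify it by hand.
                findings.append(("driver-no-company", f"{name}: {path}"))
    proxy = settings.get("ProxyServer")
    if proxy:
        state = "enabled" if settings.get("ProxyEnable") == "1" else "disabled"
        findings.append(("ie-proxy", f"{proxy} ({state})"))
    if settings.get("AutoConfigURL"):
        findings.append(("ie-pac", settings["AutoConfigURL"]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:18} {detail}")
```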


They are redirected to crappy shopping list sites... OK, here's one: "http://www.freshdeals.com/deals.php?uvx=iOogDni088shv1nPQ-3e_Pw--f4X7x5PzFPUSxhmQT7KYzGkBecg3wQPsPH7dFv-NWYOSEZExN5W_At1cf5WMsxZAT46sLT628DcDwQPGXDkfJBDqYbRx5mcSEu_NjoddBnbWliQPM4YBA-pG4r9EQsD3AA27D0zhDTc12McIudUWHLut9yK2pBEPU4hhNnR8weLmaglIwYLKoztYGvsLty5S2mGoLVPO1JJxJPhLH1oPD7ffoqmwQ**" and another, "bridge1.admarketplace.net". I have had shopica, shoppingmarkets, etc.

OTL text:

OTL logfile created on: 8/8/2010 13:16:10 - Run 2

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\MOjet1\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 19.00% Memory free

7.00 Gb Paging File | 3.00 Gb Available in Paging File | 42.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 287.61 Gb Total Space | 179.05 Gb Free Space | 62.26% Space Free | Partition Type: NTFS

Drive D: | 4.38 Gb Total Space | 0.08 Gb Free Space | 1.85% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MOJET1-PC

Current User Name: MOjet1

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/04 02:49:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\MOjet1\Downloads\OTL.exe

PRC - [2010/07/24 13:28:22 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

PRC - [2010/07/24 13:28:21 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/07/23 05:26:07 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

PRC - [2010/07/20 22:05:07 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe

PRC - [2010/07/20 21:49:30 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

PRC - [2010/07/20 21:49:15 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe

PRC - [2010/07/20 21:48:44 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/03/16 20:58:44 | 002,162,688 | ---- | M] () -- C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe

PRC - [2010/02/27 23:45:02 | 005,344,807 | ---- | M] () -- C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe

PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

PRC - [2009/07/13 18:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe

PRC - [2007/04/27 19:30:54 | 000,380,928 | ---- | M] (QSX Software Group) -- C:\Program Files (x86)\Ovulation Calendar\OvuCal.exe

========== Modules (SafeList) ==========

MOD - [2010/08/04 02:49:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\MOjet1\Downloads\OTL.exe

MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2009/09/17 15:41:36 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/08/21 12:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/08/11 19:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2009/08/04 14:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2009/07/30 02:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/28 19:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2010/07/20 22:05:07 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)

SRV - [2010/07/20 21:48:44 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/08/17 13:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2009/08/10 22:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)

SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)

DRV:64bit: - [2010/07/20 21:50:49 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)

DRV:64bit: - [2010/07/20 21:50:40 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)

DRV:64bit: - [2010/07/20 21:50:36 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)

DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2009/11/05 14:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/09/28 02:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)

DRV:64bit: - [2009/08/05 22:04:06 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/30 15:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/07/24 18:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2009/07/20 20:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/05 03:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV - [2010/08/04 02:30:31 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysWow64\drivers\Normandy.sys -- (Normandy)

DRV - [2010/07/23 05:26:07 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2010/07/23 05:26:06 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/07/23 05:26:06 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?r0=1279861101

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 6C 6F 74 B6 26 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig?brand=TSNA&bmod=TSNA

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Users/MOjet1/AppData/Local/Google/Chrome/User%20Data/Default/Extensions/caehdcpeofiiigpdhbabniblemipncjj/SwitchyAuto.pac?1281170372375

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Free TV Bar c3 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2399412&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21.3

FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.2.1

FF - prefs.js..extensions.enabledItems: tabberwocky@studio17.wordpress.com:1.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: optimizegoogle@optimizegoogle.com:0.78.1

FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1

FF - prefs.js..extensions.enabledItems: craigslistpeek@tech4computer:0.042

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845

FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.2.2.development.3

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/07/20 22:05:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/07/20 21:50:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/24 13:28:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/31 17:30:57 | 000,000,000 | ---D | M]

[2010/04/10 04:04:18 | 000,000,000 | ---D | M] -- C:\Users\MOjet1\AppData\Roaming\mozilla\Extensions

[2010/08/08 03:57:04 | 000,000,000 | ---D | M] -- C:\Users\MOjet1\AppData\Roaming\mozilla\Firefox\Profiles\4t6796v2.default\extensions

[2010/07/19 00:28:45 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\MOjet1\AppData\Roaming\mozilla\Firefox\Profiles\4t6796v2.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}

[2010/07/19 00:47:31 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\MOjet1\AppData\Roaming\mozilla\Firefox\Profiles\4t6796v2.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2010/07/29 03:54:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\MOjet1\AppData\Roaming\mozilla\Firefox\Profiles\4t6796v2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/07/19 00:43:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\MOjet1\AppData\Roaming\mozilla\Firefox\Profiles\4t6796v2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/07/31 16:15:47 | 000,000,000 | ---D | M] -- C:\Users\MOjet1\AppData\Roaming\mozilla\Firefox\Profiles\4t6796v2.default\extensions\craigslistpeek@tech4computer

[2010/07/22 11:54:13 | 000,000,000 | ---D | M] -- C:\Users\MOjet1\AppData\Roaming\mozilla\Firefox\Profiles\4t6796v2.default\extensions\firefox@ghostery.com

[2010/07/12 00:01:09 | 000,000,000 | ---D | M] -- C:\Users\MOjet1\AppData\Roaming\mozilla\Firefox\Profiles\4t6796v2.default\extensions\foxyproxy@eric.h.jung

[2010/07/26 01:56:16 | 000,000,000 | ---D | M] -- C:\Users\MOjet1\AppData\Roaming\mozilla\Firefox\Profiles\4t6796v2.default\extensions\https-everywhere@eff.org

[2010/07/18 19:21:56 | 000,000,000 | ---D | M] -- C:\Users\MOjet1\AppData\Roaming\mozilla\Firefox\Profiles\4t6796v2.default\extensions\optimizegoogle@optimizegoogle.com

[2010/07/17 17:39:05 | 000,000,000 | ---D | M] -- C:\Users\MOjet1\AppData\Roaming\mozilla\Firefox\Profiles\4t6796v2.default\extensions\tabberwocky@studio17.wordpress.com

[2010/06/08 11:30:18 | 000,000,931 | ---- | M] () -- C:\Users\MOjet1\AppData\Roaming\Mozilla\FireFox\Profiles\4t6796v2.default\searchplugins\conduit.xml

[2010/07/31 16:19:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/07/18 18:00:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/04/18 23:33:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\staff@hide-my-ip.com

[2010/07/18 17:59:50 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/17 15:50:52 | 000,412,182 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 123fporn.info

O1 - Hosts: 14241 more lines...

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4:64bit: - HKLM..\Run: [] File not found

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [Vidalia] C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe ()

O4 - Startup: C:\Users\MOjet1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ovulation Calendar.lnk = C:\Program Files (x86)\Ovulation Calendar\OvuCal.exe (QSX Software Group)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialo...osoft/wrc32.ocx (WRC Class)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/14 21:13:32 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/08/07 23:57:52 | 000,000,000 | RH-- | M] () - D:\autorun.wbcat -- [ UDF ]

O32 - AutoRun File - [2010/08/07 23:57:52 | 000,000,129 | ---- | M] () - D:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/07 12:38:12 | 000,000,000 | ---D | C] -- C:\VundoFix Backups

[2010/08/07 06:40:36 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/08/07 06:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BBC iPlayer Desktop

[2010/08/07 06:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2010/08/07 05:51:32 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\AppData\Roaming\StreamTorrent

[2010/08/07 05:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamTorrent 1.0

[2010/08/07 02:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion

[2010/08/07 02:36:24 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\Desktop\logs

[2010/08/04 12:34:10 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/08/01 02:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ovulation Calendar

[2010/07/31 17:20:04 | 000,000,000 | ---D | C] -- C:\windows\Sun

[2010/07/31 16:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS

[2010/07/29 03:58:00 | 000,289,144 | ---- | C] (S!Ri) -- C:\windows\SysWow64\VCCLSID.exe

[2010/07/29 03:58:00 | 000,288,417 | ---- | C] (S!Ri) -- C:\windows\SysWow64\SrchSTS.exe

[2010/07/29 03:58:00 | 000,135,168 | ---- | C] (SteelWerX) -- C:\windows\SysWow64\swreg.exe

[2010/07/29 03:58:00 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\VACFix.exe

[2010/07/29 03:58:00 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\IEDFix.exe

[2010/07/29 03:58:00 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\IEDFix.C.exe

[2010/07/29 03:58:00 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\404Fix.exe

[2010/07/29 03:58:00 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\o4Patch.exe

[2010/07/29 03:58:00 | 000,079,360 | ---- | C] (SteelWerX) -- C:\windows\SysWow64\swxcacls.exe

[2010/07/29 03:58:00 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\Agent.OMZ.Fix.exe

[2010/07/26 15:19:28 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\Documents\job stuff

[2010/07/26 02:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell

[2010/07/25 23:34:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys

[2010/07/23 05:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware

[2010/07/23 05:11:45 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\AppData\Roaming\SUPERAntiSpyware.com

[2010/07/23 01:14:58 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\Desktop\Downloads

[2010/07/23 01:14:53 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\AppData\Roaming\GetRightToGo

[2010/07/23 00:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010/07/23 00:38:47 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCTL.OCX

[2010/07/23 00:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster

[2010/07/23 00:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareGuard

[2010/07/23 00:21:33 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\MOjet1\Desktop\fsbl.exe

[2010/07/22 23:34:57 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\AppData\Local\ElevatedDiagnostics

[2010/07/21 20:50:51 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%

[2010/07/21 00:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/07/20 22:08:17 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\AppData\Local\AVG Security Toolbar

[2010/07/20 22:07:55 | 000,000,000 | ---D | C] -- C:\bfu

[2010/07/20 21:50:51 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\avgrssta.dll

[2010/07/20 21:50:48 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgtdia.sys

[2010/07/20 21:50:40 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgldx64.sys

[2010/07/20 21:50:35 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgmfx64.sys

[2010/07/20 21:50:35 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\Avg

[2010/07/20 21:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar

[2010/07/20 21:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

[2010/07/20 21:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2010/07/20 21:36:55 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\AppData\Roaming\Grisoft

[2010/07/20 21:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Grisoft

[2010/07/20 00:58:11 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\AppData\Local\Adobe

[2010/07/18 18:00:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2010/07/18 18:00:16 | 000,423,656 | ---- | C] (Oracle) -- C:\windows\SysWow64\deployJava1.dll

[2010/07/18 18:00:16 | 000,153,376 | ---- | C] (Oracle) -- C:\windows\SysWow64\javaws.exe

[2010/07/18 18:00:16 | 000,145,184 | ---- | C] (Oracle) -- C:\windows\SysWow64\javaw.exe

[2010/07/18 18:00:16 | 000,145,184 | ---- | C] (Oracle) -- C:\windows\SysWow64\java.exe

[2010/07/18 17:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2010/07/18 17:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue

[2010/07/18 17:56:35 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\AppData\Roaming\Uniblue

[2010/07/18 07:53:45 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\AppData\Roaming\Malwarebytes

[2010/07/18 07:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/07/18 07:53:18 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2010/07/18 04:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/07/18 04:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE

[2010/07/18 02:48:45 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\DoctorWeb

[2010/07/18 01:41:01 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\Desktop\wedding

[2010/07/18 01:39:51 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\Desktop\pics

[2010/07/18 01:37:31 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\Desktop\wils all

[2010/07/17 16:34:04 | 000,000,000 | ---D | C] -- C:\Users\MOjet1\Desktop\bookmarks

[2010/07/17 15:58:25 | 000,000,000 | ---D | C] -- C:\windows\pss

[2010/07/17 12:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/07/17 12:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2010/07/17 11:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FrontLine Registry Cleaner

[2010/07/17 11:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Frontline Registry Cleaner

[2010/07/17 11:50:29 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2010/07/15 13:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner

[2010/07/14 15:25:31 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll

========== Files - Modified Within 30 Days ==========

[2010/08/08 13:19:06 | 006,553,600 | -HS- | M] () -- C:\Users\MOjet1\ntuser.dat

[2010/08/08 13:19:04 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/08/08 13:14:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2027184126-505508850-3967297620-1000UA.job

[2010/08/08 13:10:56 | 000,000,435 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics

[2010/08/08 13:10:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2010/08/08 09:40:21 | 063,051,185 | ---- | M] () -- C:\windows\SysNative\drivers\Avg\incavi.avm

[2010/08/08 04:14:03 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2027184126-505508850-3967297620-1000Core.job

[2010/08/08 03:00:02 | 000,000,462 | ---- | M] () -- C:\windows\tasks\FrontLine Registry Cleaner Scheduled Scan - MOjet1.job

[2010/08/08 01:19:01 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/08/07 14:07:32 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/08/07 14:07:32 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/08/07 14:00:03 | 000,001,028 | ---- | M] () -- C:\Users\MOjet1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ovulation Calendar.lnk

[2010/08/07 13:59:34 | 000,524,288 | -HS- | M] () -- C:\Users\MOjet1\ntuser.dat{75053067-a24d-11df-b556-00266c4bf1e6}.TMContainer00000000000000000002.regtrans-ms

[2010/08/07 13:59:34 | 000,524,288 | -HS- | M] () -- C:\Users\MOjet1\ntuser.dat{75053067-a24d-11df-b556-00266c4bf1e6}.TMContainer00000000000000000001.regtrans-ms

[2010/08/07 13:59:34 | 000,065,536 | -HS- | M] () -- C:\Users\MOjet1\ntuser.dat{75053067-a24d-11df-b556-00266c4bf1e6}.TM.blf

[2010/08/07 13:59:29 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT

[2010/08/07 13:59:11 | 3016,884,224 | -HS- | M] () -- C:\hiberfil.sys

[2010/08/07 13:47:55 | 002,770,586 | -H-- | M] () -- C:\Users\MOjet1\AppData\Local\IconCache.db

[2010/08/07 11:58:10 | 000,000,000 | ---- | M] () -- C:\Users\MOjet1\defogger_reenable

[2010/08/07 05:51:31 | 000,001,128 | ---- | M] () -- C:\Users\MOjet1\Desktop\StreamTorrent 1.0.lnk

[2010/08/07 04:10:17 | 000,002,330 | ---- | M] () -- C:\Users\MOjet1\Desktop\Google Chrome.lnk

[2010/08/07 03:52:05 | 000,730,320 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2010/08/07 03:52:05 | 000,627,082 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2010/08/07 03:52:05 | 000,107,366 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2010/08/07 03:05:03 | 000,132,306 | ---- | M] () -- C:\Users\MOjet1\Documents\cc_20100807_030455.reg

[2010/08/07 02:43:44 | 000,001,018 | ---- | M] () -- C:\Users\MOjet1\Desktop\CCleaner.lnk

[2010/08/04 02:30:31 | 000,034,560 | ---- | M] () -- C:\windows\SysWow64\drivers\Normandy.sys

[2010/08/03 11:35:01 | 000,078,336 | ---- | M] () -- C:\Users\MOjet1\Desktop\ableton comments to set up patch.doc

[2010/08/01 21:08:20 | 019,461,015 | ---- | M] () -- C:\Users\MOjet1\Documents\vlc-1.1.2-win32.exe

[2010/08/01 02:14:13 | 000,000,992 | ---- | M] () -- C:\Users\MOjet1\Desktop\Ovulation Calendar.lnk

[2010/07/29 09:38:10 | 000,002,104 | ---- | M] () -- C:\windows\SysWow64\tmp.reg

[2010/07/29 09:38:10 | 000,000,691 | ---- | M] () -- C:\Users\MOjet1\AppData\Roaming\GetValue.vbs

[2010/07/29 09:38:10 | 000,000,035 | ---- | M] () -- C:\Users\MOjet1\AppData\Roaming\SetValue.bat

[2010/07/27 04:53:59 | 000,239,601 | ---- | M] () -- C:\Users\MOjet1\Desktop\property claim forms.pdf

[2010/07/26 03:21:28 | 000,000,940 | ---- | M] () -- C:\windows\SysNative\temp0201

[2010/07/26 03:21:28 | 000,000,004 | ---- | M] () -- C:\windows\SysNative\WowErr.dat

[2010/07/26 03:21:28 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\katch00

[2010/07/26 03:21:16 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\Zlob01

[2010/07/26 03:21:16 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\WareOut01

[2010/07/26 03:21:16 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\WareOut00

[2010/07/26 03:21:16 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp06

[2010/07/26 03:21:16 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp04

[2010/07/26 03:21:16 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp03

[2010/07/26 03:21:16 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp02

[2010/07/26 03:21:16 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\svctdss

[2010/07/26 03:21:16 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\katchNT-OS

[2010/07/26 03:21:14 | 000,000,006 | ---- | M] () -- C:\windows\SysNative\BootDrivers

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\Unhandled.dat

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp0103

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp0101

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp0100

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp000B

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp000A

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp0004.bat

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp0003

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp0002

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp0001

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\temp0000

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\System.dump02

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\System.dump01

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\System.dump00

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\SvcFull

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\SvcDumpFull02

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\SvcDumpFull01

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\SvcDumpFull00

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\SvcDumpFull

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\SvcDumpB

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\SvcDump00

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\SvcDump

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\SvcDiff

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\SvcCovered

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\suspectSvc.dat

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\ServiceFiles00

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\ServiceFiles.dat

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\RustB00

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\LockedServiceFiles00

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\LegacyNoSvc

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\LegacyFull

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\HandleList

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\Handle00

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\del03.bat

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\d-del_A.dat

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\CCS.bat

[2010/07/26 03:21:14 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\BootSvcs

[2010/07/25 23:34:11 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/23 05:20:17 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

[2010/07/23 03:51:47 | 000,021,770 | ---- | M] () -- C:\Users\MOjet1\Documents\cc_20100723_035127.reg

[2010/07/23 00:21:34 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\MOjet1\Desktop\fsbl.exe

[2010/07/21 00:13:42 | 000,001,131 | ---- | M] () -- C:\Users\MOjet1\Desktop\mbam-setup-1.46 - Shortcut.lnk

[2010/07/20 23:39:08 | 000,000,036 | ---- | M] () -- C:\Users\MOjet1\AppData\Local\housecall.guid.cache

[2010/07/20 21:50:56 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/07/20 21:50:53 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\avgrssta.dll

[2010/07/20 21:50:49 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgtdia.sys

[2010/07/20 21:50:40 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgldx64.sys

[2010/07/20 21:50:36 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgmfx64.sys

[2010/07/20 21:50:35 | 000,113,461 | ---- | M] () -- C:\windows\SysNative\drivers\Avg\iavichjw.avm

[2010/07/20 01:29:44 | 000,046,661 | ---- | M] () -- C:\Users\MOjet1\Documents\application cms.pdf

[2010/07/18 18:38:23 | 000,001,407 | ---- | M] () -- C:\Users\MOjet1\Desktop\wuaclt.exe.lnk

[2010/07/18 18:38:11 | 000,001,506 | ---- | M] () -- C:\Users\MOjet1\Desktop\ATF-Cleaner - Shortcut.lnk

[2010/07/18 17:59:43 | 000,153,376 | ---- | M] (Oracle) -- C:\windows\SysWow64\javaws.exe

[2010/07/18 17:59:43 | 000,145,184 | ---- | M] (Oracle) -- C:\windows\SysWow64\javaw.exe

[2010/07/18 17:59:43 | 000,145,184 | ---- | M] (Oracle) -- C:\windows\SysWow64\java.exe

[2010/07/18 17:59:42 | 000,423,656 | ---- | M] (Oracle) -- C:\windows\SysWow64\deployJava1.dll

[2010/07/17 15:59:52 | 000,009,020 | ---- | M] () -- C:\Users\MOjet1\Documents\cc_20100717_155942.reg

[2010/07/17 15:50:52 | 000,412,182 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2010/07/17 15:46:40 | 000,412,182 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20100717-155052.backup

[2010/07/15 13:30:20 | 000,041,048 | ---- | M] () -- C:\Users\MOjet1\Documents\cc_20100715_133007.reg

========== Files Created - No Company Name ==========

[2010/08/07 13:59:34 | 000,524,288 | -HS- | C] () -- C:\Users\MOjet1\ntuser.dat{75053067-a24d-11df-b556-00266c4bf1e6}.TMContainer00000000000000000002.regtrans-ms

[2010/08/07 13:59:34 | 000,524,288 | -HS- | C] () -- C:\Users\MOjet1\ntuser.dat{75053067-a24d-11df-b556-00266c4bf1e6}.TMContainer00000000000000000001.regtrans-ms

[2010/08/07 13:59:34 | 000,065,536 | -HS- | C] () -- C:\Users\MOjet1\ntuser.dat{75053067-a24d-11df-b556-00266c4bf1e6}.TM.blf

[2010/08/07 11:58:10 | 000,000,000 | ---- | C] () -- C:\Users\MOjet1\defogger_reenable

[2010/08/07 05:51:31 | 000,001,128 | ---- | C] () -- C:\Users\MOjet1\Desktop\StreamTorrent 1.0.lnk

[2010/08/07 04:10:17 | 000,002,330 | ---- | C] () -- C:\Users\MOjet1\Desktop\Google Chrome.lnk

[2010/08/07 04:09:30 | 000,000,912 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2027184126-505508850-3967297620-1000UA.job

[2010/08/07 04:09:28 | 000,000,860 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2027184126-505508850-3967297620-1000Core.job

[2010/08/07 03:04:59 | 000,132,306 | ---- | C] () -- C:\Users\MOjet1\Documents\cc_20100807_030455.reg

[2010/08/04 02:21:09 | 000,034,560 | ---- | C] () -- C:\windows\SysWow64\drivers\Normandy.sys

[2010/08/03 11:35:01 | 000,078,336 | ---- | C] () -- C:\Users\MOjet1\Desktop\ableton comments to set up patch.doc

[2010/08/01 21:07:40 | 019,461,015 | ---- | C] () -- C:\Users\MOjet1\Documents\vlc-1.1.2-win32.exe

[2010/08/01 02:14:37 | 000,001,028 | ---- | C] () -- C:\Users\MOjet1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ovulation Calendar.lnk

[2010/08/01 02:14:13 | 000,000,992 | ---- | C] () -- C:\Users\MOjet1\Desktop\Ovulation Calendar.lnk

[2010/07/29 03:58:46 | 000,002,104 | ---- | C] () -- C:\windows\SysWow64\tmp.reg

[2010/07/29 03:58:46 | 000,000,691 | ---- | C] () -- C:\Users\MOjet1\AppData\Roaming\GetValue.vbs

[2010/07/29 03:58:46 | 000,000,035 | ---- | C] () -- C:\Users\MOjet1\AppData\Roaming\SetValue.bat

[2010/07/29 03:58:00 | 000,075,776 | ---- | C] () -- C:\windows\SysWow64\WS2Fix.exe

[2010/07/29 03:58:00 | 000,051,200 | ---- | C] () -- C:\windows\SysWow64\dumphive.exe

[2010/07/29 03:58:00 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\swsc.exe

[2010/07/27 04:53:59 | 000,239,601 | ---- | C] () -- C:\Users\MOjet1\Desktop\property claim forms.pdf

[2010/07/26 03:21:28 | 000,000,940 | ---- | C] () -- C:\windows\SysNative\temp0201

[2010/07/26 03:21:28 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\katch00

[2010/07/26 03:21:16 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\Zlob01

[2010/07/26 03:21:16 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\WareOut01

[2010/07/26 03:21:16 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\WareOut00

[2010/07/26 03:21:16 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp06

[2010/07/26 03:21:16 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp04

[2010/07/26 03:21:16 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp03

[2010/07/26 03:21:16 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp02

[2010/07/26 03:21:16 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\svctdss

[2010/07/26 03:21:16 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\katchNT-OS

[2010/07/26 03:21:14 | 000,000,006 | ---- | C] () -- C:\windows\SysNative\BootDrivers

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\Unhandled.dat

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp0103

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp0101

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp0100

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp000B

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp000A

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp0004.bat

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp0003

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp0002

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp0001

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\temp0000

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\System.dump02

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\System.dump01

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\System.dump00

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\SvcFull

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\SvcDumpFull02

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\SvcDumpFull01

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\SvcDumpFull00

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\SvcDumpFull

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\SvcDumpB

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\SvcDump00

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\SvcDump

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\SvcDiff

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\SvcCovered

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\suspectSvc.dat

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\ServiceFiles00

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\ServiceFiles.dat

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\RustB00

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\LockedServiceFiles00

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\LegacyNoSvc

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\LegacyFull

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\HandleList

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\Handle00

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\del03.bat

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\d-del_A.dat

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\CCS.bat

[2010/07/26 03:21:14 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\BootSvcs

[2010/07/26 03:21:13 | 000,000,004 | ---- | C] () -- C:\windows\SysNative\WowErr.dat

[2010/07/25 23:34:11 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/23 05:11:52 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

[2010/07/23 03:51:33 | 000,021,770 | ---- | C] () -- C:\Users\MOjet1\Documents\cc_20100723_035127.reg

[2010/07/20 23:39:08 | 000,000,036 | ---- | C] () -- C:\Users\MOjet1\AppData\Local\housecall.guid.cache

[2010/07/20 21:50:55 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/07/20 21:50:35 | 063,051,185 | ---- | C] () -- C:\windows\SysNative\drivers\Avg\incavi.avm

[2010/07/20 21:50:35 | 000,113,461 | ---- | C] () -- C:\windows\SysNative\drivers\Avg\iavichjw.avm

[2010/07/20 01:29:44 | 000,046,661 | ---- | C] () -- C:\Users\MOjet1\Documents\application cms.pdf

[2010/07/18 18:38:23 | 000,001,407 | ---- | C] () -- C:\Users\MOjet1\Desktop\wuaclt.exe.lnk

[2010/07/18 18:38:11 | 000,001,506 | ---- | C] () -- C:\Users\MOjet1\Desktop\ATF-Cleaner - Shortcut.lnk

[2010/07/18 18:36:49 | 000,001,131 | ---- | C] () -- C:\Users\MOjet1\Desktop\mbam-setup-1.46 - Shortcut.lnk

[2010/07/17 15:59:46 | 000,009,020 | ---- | C] () -- C:\Users\MOjet1\Documents\cc_20100717_155942.reg

[2010/07/17 11:53:05 | 000,000,462 | ---- | C] () -- C:\windows\tasks\FrontLine Registry Cleaner Scheduled Scan - MOjet1.job

[2010/07/15 13:30:12 | 000,041,048 | ---- | C] () -- C:\Users\MOjet1\Documents\cc_20100715_133007.reg

[2010/07/15 13:10:30 | 000,001,018 | ---- | C] () -- C:\Users\MOjet1\Desktop\CCleaner.lnk

[2010/04/21 16:59:34 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2010/03/14 23:16:29 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

[1999/03/21 16:45:30 | 000,000,136 | ---- | C] () -- C:\windows\SysWow64\mstraps.dll

[1998/03/21 17:02:45 | 000,000,136 | ---- | C] () -- C:\windows\SysWow64\msrfst.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


And here's the OTL extras.txt

OTL Extras logfile created on: 8/5/2010 07:13:05 - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\MOjet1\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.00% Memory free

7.00 Gb Paging File | 3.00 Gb Available in Paging File | 43.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 287.61 Gb Total Space | 184.01 Gb Free Space | 63.98% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MOJET1-PC

Current User Name: MOjet1

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{81F3BC27-141B-635F-5D6B-5DE08D3B5884}" = ccc-utility64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

"{A0880F03-8480-482E-1606-BC91669B0882}" = ATI Catalyst Install Manager

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{01DCAD46-FF60-478B-88FB-8A17B1129F53}" = Easy Resume Creator Pro

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing

"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver

"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian

"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish

"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist

"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21

"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian

"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20

"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration

"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common

"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech

"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish

"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer

"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai

"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller

"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Roxio Burn

"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish

"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0

"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish

"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner

"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional

"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation

"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


Well,

I thought completely restoring factory settings on my comp would get rid of it; it didn't. I backed everything up and put Windows 7 back on it... didn't work. When I click on searches in Yahoo it gets redirected to localpages, informationgetter.com your local neighbourhood, shopica, etc. I'm really tired of this. Whatever you come up with will be appreciated. Oh, and I tried to put MBAM on this freshly wiped comp; it does the won't-update winhttp send request error 12007 again. So I'm just gonna rename the file. Whatever it is, it's still on there. Maybe it's in the partition?


Hi,

Do the redirects only occur in Internet Explorer? Do they also occur in Firefox?

This may be an MBR (Master Boot Record) infection.

Download MBRCheck.exe by a_d_13 and save it to your Desktop.

Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.

It says Windows 2008 MBR detected. Here's the log:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: TOSHIBA

BIOS Manufacturer: Insyde Corp.

System Manufacturer: TOSHIBA

System Product Name: Satellite L505D

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 198):

0x02C63000 \SystemRoot\system32\ntoskrnl.exe

0x02C1A000 \SystemRoot\system32\hal.dll

0x00BAD000 \SystemRoot\system32\kdcom.dll

0x00C74000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll

0x00C81000 \SystemRoot\system32\PSHED.dll

0x00C95000 \SystemRoot\system32\CLFS.SYS

0x00CF3000 \SystemRoot\system32\CI.dll

0x00E77000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F1B000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F2A000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00F81000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00F8A000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00F94000 \SystemRoot\system32\DRIVERS\pci.sys

0x00FC7000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00FD4000 \SystemRoot\System32\drivers\partmgr.sys

0x00FE9000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00FF2000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00E00000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00E15000 \SystemRoot\System32\drivers\volmgrx.sys

0x00DB3000 \SystemRoot\system32\DRIVERS\pciide.sys

0x00DBA000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x00DCA000 \SystemRoot\System32\drivers\mountmgr.sys

0x00DE4000 \SystemRoot\system32\DRIVERS\atapi.sys

0x00C00000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x00C2A000 \SystemRoot\system32\DRIVERS\msahci.sys

0x00C35000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x01088000 \SystemRoot\system32\drivers\fltmgr.sys

0x010D4000 \SystemRoot\system32\drivers\fileinfo.sys

0x010E8000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS

0x01156000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS

0x01191000 \SystemRoot\System32\Drivers\PxHlpa64.sys

0x01220000 \SystemRoot\System32\Drivers\Ntfs.sys

0x0119D000 \SystemRoot\System32\Drivers\msrpc.sys

0x013C3000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01000000 \SystemRoot\System32\Drivers\cng.sys

0x013DD000 \SystemRoot\System32\drivers\pcw.sys

0x013EE000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x014B9000 \SystemRoot\system32\drivers\ndis.sys

0x01400000 \SystemRoot\system32\drivers\NETIO.SYS

0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01602000 \SystemRoot\System32\drivers\tcpip.sys

0x015AB000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x0184F000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x0189B000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS

0x018A0000 \SystemRoot\system32\DRIVERS\tos_sps64.sys

0x0191A000 \SystemRoot\System32\Drivers\spldr.sys

0x01922000 \SystemRoot\System32\drivers\rdyboost.sys

0x0195C000 \SystemRoot\System32\Drivers\mup.sys

0x0196E000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01977000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x019B1000 \SystemRoot\system32\DRIVERS\disk.sys

0x019C7000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x019F7000 \SystemRoot\system32\DRIVERS\AtiPcie.sys

0x0148B000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x01838000 \SystemRoot\System32\Drivers\Null.SYS

0x01841000 \SystemRoot\System32\Drivers\Beep.SYS

0x01200000 \SystemRoot\System32\drivers\vga.sys

0x00C40000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x0120E000 \SystemRoot\System32\drivers\watchdog.sys

0x015F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x01073000 \SystemRoot\system32\drivers\rdpencdd.sys

0x0107C000 \SystemRoot\system32\drivers\rdprefmp.sys

0x00C65000 \SystemRoot\System32\Drivers\Msfs.SYS

0x00DED000 \SystemRoot\System32\Drivers\Npfs.SYS

0x02C4C000 \SystemRoot\system32\DRIVERS\tdx.sys

0x02C6A000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x02C77000 \SystemRoot\system32\drivers\afd.sys

0x02D01000 \SystemRoot\System32\DRIVERS\netbt.sys

0x02D46000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x02D4F000 \SystemRoot\system32\DRIVERS\pacer.sys

0x02D75000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x02D8B000 \SystemRoot\system32\DRIVERS\netbios.sys

0x02D9A000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x02DB5000 \SystemRoot\system32\DRIVERS\termdd.sys

0x02DC9000 \SystemRoot\system32\drivers\NISx64\1107000.00C\Ironx64.SYS

0x02C00000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SRTSPX64.SYS

0x03AD1000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x03B22000 \SystemRoot\system32\drivers\nsiproxy.sys

0x03B2E000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x03B39000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100809.001\IDSvia64.sys

0x03BAF000 \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS

0x03A00000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

0x03A76000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0x03A9B000 \SystemRoot\System32\drivers\discache.sys

0x03AAA000 \SystemRoot\System32\Drivers\dfsc.sys

0x03CA4000 \SystemRoot\system32\drivers\NISx64\1107000.00C\ccHPx64.sys

0x03D40000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x03E49000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100719.001\BHDrvx64.sys

0x03F34000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x03F5A000 \SystemRoot\system32\DRIVERS\TVALZFL.sys

0x03F61000 \SystemRoot\system32\DRIVERS\FwLnk.sys

0x03F69000 \SystemRoot\system32\DRIVERS\amdppm.sys

0x03F7E000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x04808000 \SystemRoot\system32\DRIVERS\atikmdag.sys

0x04E1F000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x04F13000 \SystemRoot\System32\drivers\dxgmms1.sys

0x04029000 \SystemRoot\system32\DRIVERS\rtl8192se.sys

0x04131000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x0413E000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x0417C000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys

0x04186000 \SystemRoot\system32\DRIVERS\usbohci.sys

0x04191000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x041E7000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x04000000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x04F59000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x04F77000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x04F86000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x04024000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x04FCF000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x04FDE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x03F83000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x03F99000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x04FEE000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x03FBD000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x03E00000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x03E1B000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x03D51000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x04026000 \SystemRoot\system32\DRIVERS\swenum.sys

0x03D6B000 \SystemRoot\system32\DRIVERS\ks.sys

0x03FEC000 \SystemRoot\system32\DRIVERS\umbus.sys

0x03C00000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x03C5A000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x06401000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x03DAE000 \SystemRoot\system32\drivers\portcls.sys

0x03C6F000 \SystemRoot\system32\drivers\drmk.sys

0x065E0000 \SystemRoot\system32\drivers\ksthunk.sys

0x065E6000 \SystemRoot\System32\Drivers\crashdmp.sys

0x065F4000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x03E3C000 \SystemRoot\System32\Drivers\dump_msahci.sys

0x03C91000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x02C14000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x01800000 \SystemRoot\System32\Drivers\usbvideo.sys

0x041F8000 \SystemRoot\system32\DRIVERS\pgeffect.sys

0x00090000 \SystemRoot\System32\win32k.sys

0x03DEB000 \SystemRoot\System32\drivers\Dxapi.sys

0x03BE5000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00500000 \SystemRoot\System32\TSDDD.dll

0x006D0000 \SystemRoot\System32\cdd.dll

0x02658000 \SystemRoot\system32\drivers\luafv.sys

0x0267B000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x02690000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x026E3000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x026F6000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x0270E000 \SystemRoot\system32\drivers\HTTP.sys

0x027D6000 \SystemRoot\system32\DRIVERS\bowser.sys

0x02600000 \SystemRoot\System32\drivers\mpsdrv.sys

0x02618000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x038E4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x03932000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x03955000 \SystemRoot\system32\drivers\peauth.sys

0x03800000 \SystemRoot\System32\Drivers\secdrv.SYS

0x0380B000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x03838000 \SystemRoot\System32\drivers\tcpipreg.sys

0x0384A000 \SystemRoot\System32\DRIVERS\srv2.sys

0x066A8000 \SystemRoot\System32\DRIVERS\srv.sys

0x06600000 \SystemRoot\System32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS

0x06EF6000 \SystemRoot\System32\Drivers\NISx64\1107000.00C\SRTSP64.SYS

0x07211000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100810.049\EX64.SYS

0x073CB000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100810.049\ENG64.SYS

0x77C90000 \Windows\System32\ntdll.dll

0x47C60000 \Windows\System32\smss.exe

0xFFFB0000 \Windows\System32\apisetschema.dll

0xFF2E0000 \Windows\System32\autochk.exe

0xFFF00000 \Windows\System32\msvcrt.dll

0xFFE20000 \Windows\System32\oleaut32.dll

0x77B90000 \Windows\System32\user32.dll

0xFFCF0000 \Windows\System32\wininet.dll

0xFFCA0000 \Windows\System32\Wldap32.dll

0xFFB90000 \Windows\System32\msctf.dll

0x77A70000 \Windows\System32\kernel32.dll

0xFFAF0000 \Windows\System32\clbcatq.dll

0xFFAD0000 \Windows\System32\sechost.dll

0xFF8F0000 \Windows\System32\setupapi.dll

0xFF820000 \Windows\System32\usp10.dll

0xFF6F0000 \Windows\System32\rpcrt4.dll

0xFF650000 \Windows\System32\comdlg32.dll

0xFF4D0000 \Windows\System32\urlmon.dll

0xFF460000 \Windows\System32\gdi32.dll

0xFF450000 \Windows\System32\lpk.dll

0x77E60000 \Windows\System32\normaliz.dll

0xFF420000 \Windows\System32\imm32.dll

0xFF210000 \Windows\System32\ole32.dll

0xFF190000 \Windows\System32\shlwapi.dll

0xFF180000 \Windows\System32\nsi.dll

0xFF160000 \Windows\System32\imagehlp.dll

0xFE3D0000 \Windows\System32\shell32.dll

0xFE2F0000 \Windows\System32\advapi32.dll

0x77E50000 \Windows\System32\psapi.dll

0xFE2A0000 \Windows\System32\ws2_32.dll

0xFE220000 \Windows\System32\difxapi.dll

0xFDFC0000 \Windows\System32\iertutil.dll

0xFDF80000 \Windows\System32\cfgmgr32.dll

0xFDF10000 \Windows\System32\KernelBase.dll

0xFDED0000 \Windows\System32\wintrust.dll

0xFDE30000 \Windows\System32\comctl32.dll

0xFDCC0000 \Windows\System32\crypt32.dll

0xFDCA0000 \Windows\System32\devobj.dll

0xFDC90000 \Windows\System32\msasn1.dll

Processes (total 74):

0 System Idle Process

4 System

276 C:\Windows\System32\smss.exe

420 csrss.exe

472 C:\Windows\System32\wininit.exe

488 csrss.exe

548 C:\Windows\System32\winlogon.exe

584 C:\Windows\System32\services.exe

596 C:\Windows\System32\lsass.exe

608 C:\Windows\System32\lsm.exe

704 C:\Windows\System32\svchost.exe

784 C:\Windows\System32\svchost.exe

880 C:\Windows\System32\atiesrxx.exe

912 C:\Windows\System32\svchost.exe

944 C:\Windows\System32\svchost.exe

972 C:\Windows\System32\svchost.exe

696 C:\Windows\System32\svchost.exe

1144 C:\Windows\System32\svchost.exe

1264 C:\Windows\System32\spoolsv.exe

1300 C:\Windows\System32\svchost.exe

1752 C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe

1792 C:\Windows\System32\TODDSrv.exe

1820 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

1896 C:\Program Files\TOSHIBA\TECO\TecoService.exe

1936 C:\Windows\System32\SearchIndexer.exe

2240 C:\Windows\System32\svchost.exe

2656 C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe

2948 C:\Windows\System32\atieclxx.exe

3008 C:\Windows\System32\svchost.exe

1908 C:\Windows\System32\taskhost.exe

2520 C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe

1572 C:\Windows\System32\dwm.exe

2320 C:\Windows\explorer.exe

3332 C:\Windows\System32\taskeng.exe

3372 C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

3404 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

3436 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

3524 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

3712 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

3732 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

3824 C:\Program Files\TOSHIBA\TECO\Teco.exe

3920 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

3952 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

4024 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

3080 C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe

2488 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

2176 C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

3228 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

2284 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

3632 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

3864 C:\Program Files\Windows Media Player\wmpnetwk.exe

1432 C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe

2504 C:\Windows\System32\conhost.exe

3848 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

3976 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

2012 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

4280 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

5092 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

4656 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

1744 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

4964 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

3196 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

4728 C:\Program Files (x86)\Skype\Phone\Skype.exe

4660 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

4732 C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

4700 C:\Windows\System32\taskhost.exe

856 C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe

3200 C:\Windows\System32\audiodg.exe

4736 C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\firefox.exe

3540 C:\Windows\System32\SearchProtocolHost.exe

780 C:\Windows\System32\SearchFilterHost.exe

3892 C:\Users\Prima\Downloads\MBRCheck.exe

1676 C:\Windows\System32\conhost.exe

4544 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-26ZCT0, Rev: 12.01A12

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61

Oh, and it does show up in every browser that I use.

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

2010/08/12 17:48:23.0288 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09

2010/08/12 17:48:23.0288 ================================================================================

2010/08/12 17:48:23.0288 SystemInfo:

2010/08/12 17:48:23.0288

2010/08/12 17:48:23.0288 OS Version: 6.1.7600 ServicePack: 0.0

2010/08/12 17:48:23.0289 Product type: Workstation

2010/08/12 17:48:23.0289 ComputerName: PRIMA-PC

2010/08/12 17:48:23.0290 UserName: Prima

2010/08/12 17:48:23.0290 Windows directory: C:\windows

2010/08/12 17:48:23.0290 System windows directory: C:\windows

2010/08/12 17:48:23.0290 Running under WOW64

2010/08/12 17:48:23.0290 Processor architecture: Intel x64

2010/08/12 17:48:23.0290 Number of processors: 2

2010/08/12 17:48:23.0290 Page size: 0x1000

2010/08/12 17:48:23.0290 Boot type: Normal boot

2010/08/12 17:48:23.0290 ================================================================================

2010/08/12 17:48:23.0291 Utility is running under WOW64, functionality is limited.

2010/08/12 17:48:23.0600 Initialize success

2010/08/12 17:48:32.0933 ================================================================================

2010/08/12 17:48:32.0933 Scan started

2010/08/12 17:48:32.0933 Mode: Manual;

2010/08/12 17:48:32.0933 ================================================================================

2010/08/12 17:48:55.0171 ================================================================================

2010/08/12 17:48:55.0171 Scan finished

2010/08/12 17:48:55.0171 ================================================================================

It said no threats found, but MBRCheck says there is an MBR code there still.

2010/08/12 17:48:23.0288 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09

2010/08/12 17:48:23.0288 ================================================================================

2010/08/12 17:48:23.0288 SystemInfo:

2010/08/12 17:48:23.0288

2010/08/12 17:48:23.0288 OS Version: 6.1.7600 ServicePack: 0.0

2010/08/12 17:48:23.0289 Product type: Workstation

2010/08/12 17:48:23.0289 ComputerName: PRIMA-PC

2010/08/12 17:48:23.0290 UserName: Prima

2010/08/12 17:48:23.0290 Windows directory: C:\windows

2010/08/12 17:48:23.0290 System windows directory: C:\windows

2010/08/12 17:48:23.0290 Running under WOW64

2010/08/12 17:48:23.0290 Processor architecture: Intel x64

2010/08/12 17:48:23.0290 Number of processors: 2

2010/08/12 17:48:23.0290 Page size: 0x1000

2010/08/12 17:48:23.0290 Boot type: Normal boot

2010/08/12 17:48:23.0290 ================================================================================

2010/08/12 17:48:23.0291 Utility is running under WOW64, functionality is limited.

2010/08/12 17:48:23.0600 Initialize success

2010/08/12 17:48:32.0933 ================================================================================

2010/08/12 17:48:32.0933 Scan started

2010/08/12 17:48:32.0933 Mode: Manual;

2010/08/12 17:48:32.0933 ================================================================================

2010/08/12 17:48:55.0171 ================================================================================

2010/08/12 17:48:55.0171 Scan finished

2010/08/12 17:48:55.0171 ================================================================================

It said no threats found, but MBRCheck says there is an MBR code there still.

Oh, and the hijacking stopped. I downloaded Comodo security, and it routed my service through their DNS thingy. I think that stopped the MBR from working, but MBRCheck says it's still there.


Hi,

My apologies for the delay.

Your MBR is fine. MBRCheck is reporting your MBR as legitimate and not malicious. It's your DNS that was the issue.

Which router are you using??

Thanks for the info. I have a NETGEAR router (the router is the one that gives us the wifi, right??), yup, that one. So what do I do to fix the DNS thingy?


Hi,

Comodo appears to have changed your DNS settings so they are no longer pointing to the malicious entries. If you're not experiencing redirects then it sounds like you're good to go.

Can you grab the model number on the router? It should be printed on the router itself.

It is: Netgear - N 150 router WNR1000.

This topic is now closed to further replies.