
Resident shield alerts (fake TROJAN)


RME_77


Hey guys, I have this problem of this BS fake alert trojan. ;)

This one is weird, it seems that no anti virus can find it. This includes MBAM, spybot, hitman pro, super anti spyware, avira antivirus and rkill.

This one is weird too - there are no redirects, I can click on anything and my comp is not even slowing down, it's still the same speed. Do you guys need my latest log for MBAM?

I have tried everything, just doesn't seem to find it.


Thanks for that, but this is a bit concerning:

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Thanks for your help though. ;)


Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5253

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

6/12/2010 8:32:00 PM

mbam-log-2010-12-06 (20-32-00).txt

Scan type: Full scan (C:\|D:\|H:\|)

Objects scanned: 310829

Time elapsed: 1 hour(s), 43 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

---------------

DDS (Ver_10-12-05.01) - NTFS_AMD64

Run by R.M at 17:33:52.99 on Tue 07/12/2010

Internet Explorer: 8.0.6001.18975

Microsoft

Attach.zip


Hello ,

And :P My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.


THANK YOU! THANK YOU! THANK YOU!

OTL logfile created on: 9/12/2010 2:39:27 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\R.M\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free

8.00 Gb Paging File | 5.00 Gb Available in Paging File | 64.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 137.83 Gb Total Space | 20.72 Gb Free Space | 15.03% Space Free | Partition Type: NTFS

Computer Name: RM-PC1 | User Name: R.M | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/09 02:37:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\R.M\Desktop\OTL.exe

PRC - [2010/12/05 23:30:27 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/12/05 23:30:27 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2010/12/05 23:30:26 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/10/29 21:55:17 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

PRC - [2010/10/29 21:55:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/07/12 11:11:04 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe

PRC - [2010/04/29 05:15:02 | 002,633,976 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

PRC - [2010/04/13 09:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/02/16 16:21:53 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/02/12 17:30:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe

PRC - [2010/02/11 23:52:51 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgam.exe

PRC - [2010/01/15 23:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/07/04 19:15:30 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/09/26 15:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

PRC - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2008/04/17 18:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2008/04/17 18:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2008/04/17 18:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2008/04/04 15:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2010/12/09 02:37:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\R.M\Desktop\OTL.exe

MOD - [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll

MOD - [2010/09/01 02:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

MOD - [2010/07/14 14:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/20 02:13:04 | 000,158,112 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/09/10 23:41:42 | 002,528,856 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV:64bit: - [2010/06/30 04:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2009/10/14 14:31:44 | 000,116,224 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV:64bit: - [2008/08/25 10:58:12 | 000,089,600 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)

SRV:64bit: - [2008/02/06 14:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2008/01/21 13:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2007/12/03 18:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV:64bit: - [2007/11/22 10:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV - [2010/12/05 23:30:27 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/12/05 23:30:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2010/05/20 18:19:16 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/12 17:30:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2010/01/15 23:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2009/03/30 15:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008/04/17 18:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2008/04/16 16:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)

SRV - [2008/04/04 15:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)

SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - [2010/12/05 23:30:27 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/06/23 09:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)

DRV:64bit: - [2010/02/27 20:48:38 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010/02/18 05:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2010/02/18 05:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2010/02/12 17:30:45 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)

DRV:64bit: - [2010/02/11 23:53:03 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)

DRV:64bit: - [2010/02/11 23:53:01 | 000,014,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (AvgRkx64)

DRV:64bit: - [2010/02/11 23:52:59 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)

DRV:64bit: - [2009/04/11 16:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023.sys -- (USB_RNDIS)

DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2008/08/14 10:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2008/07/29 05:05:00 | 001,146,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)

DRV:64bit: - [2008/07/18 19:52:16 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2008/06/26 17:24:18 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV:64bit: - [2008/06/12 21:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)

DRV:64bit: - [2008/04/28 17:59:26 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)

DRV:64bit: - [2008/04/16 11:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

DRV:64bit: - [2008/04/03 11:27:18 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)

DRV:64bit: - [2008/02/29 17:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2007/12/12 08:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2007/11/09 15:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2006/11/20 16:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2006/09/19 08:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...N&bmod=TSHN

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...N&bmod=TSHN

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...N&bmod=TSHN

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-198606054-17221615-2712515677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...N&bmod=TSHN

IE - HKU\S-1-5-21-198606054-17221615-2712515677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com.au/ [binary data]

IE - HKU\S-1-5-21-198606054-17221615-2712515677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

IE - HKU\S-1-5-21-198606054-17221615-2712515677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp

IE - HKU\S-1-5-21-198606054-17221615-2712515677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au

IE - HKU\S-1-5-21-198606054-17221615-2712515677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 4B 58 4C 4F 97 CA 01 [binary data]

IE - HKU\S-1-5-21-198606054-17221615-2712515677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-198606054-17221615-2712515677-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-198606054-17221615-2712515677-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-21-198606054-17221615-2712515677-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "yahoo.com"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429

FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.0

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b74f5c8&v=3.011.025.005&i=26&tp=ab&iy=&ychte=au&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2010/02/12 17:32:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/10/27 02:16:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/18 20:01:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/12/08 19:08:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/29 21:55:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/01 15:24:19 | 000,000,000 | ---D | M]

[2010/01/09 20:32:01 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\Mozilla\Extensions

[2010/12/08 19:22:36 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\Mozilla\Firefox\Profiles\pz4xweky.default\extensions

[2010/10/22 02:26:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\R.M\AppData\Roaming\Mozilla\Firefox\Profiles\pz4xweky.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/27 02:19:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\R.M\AppData\Roaming\Mozilla\Firefox\Profiles\pz4xweky.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2010/10/22 02:26:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\R.M\AppData\Roaming\Mozilla\Firefox\Profiles\pz4xweky.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/12/02 20:47:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\R.M\AppData\Roaming\Mozilla\Firefox\Profiles\pz4xweky.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/12/01 18:45:00 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\Mozilla\Firefox\Profiles\pz4xweky.default\extensions\firebug@software.joehewitt.com

[2010/11/28 15:11:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/07/17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/06/09 01:34:31 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/12/06 02:23:05 | 000,426,642 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 14695 more lines...

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)

O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3:64bit: - HKU\S-1-5-21-198606054-17221615-2712515677-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-198606054-17221615-2712515677-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-198606054-17221615-2712515677-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [cfFncEnabler.exe] File not found

O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\Jumpstart\jswtrayutil.exe File not found

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-198606054-17221615-2712515677-1000..\Run: [DVDBitSetter] C:\Users\R.M\Desktop\dvdbitsetter2113\dvdbitsetter.exe File not found

O4 - HKU\S-1-5-21-198606054-17221615-2712515677-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-198606054-17221615-2712515677-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-198606054-17221615-2712515677-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-198606054-17221615-2712515677-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

O4 - HKU\S-1-5-21-198606054-17221615-2712515677-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - HKU\S-1-5-21-198606054-17221615-2712515677-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O7 - HKU\S-1-5-21-198606054-17221615-2712515677-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)

O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()

O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()

O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()

O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\R.M\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\R.M\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{c604beec-2366-11df-8869-001e33acf7fc}\Shell - "" = AutoRun

O33 - MountPoints2\{c604beec-2366-11df-8869-001e33acf7fc}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found

O33 - MountPoints2\{cca600c6-978a-11df-a624-001e33acf7fc}\Shell\AutoRun\command - "" = E:\Install.exe -- File not found

O33 - MountPoints2\{cca600c6-978a-11df-a624-001e33acf7fc}\Shell\menu1\command - "" = E:\Install.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/09 02:36:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\R.M\Desktop\OTL.exe

[2010/12/07 00:44:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO

[2010/12/07 00:43:16 | 000,000,000 | -H-D | C] -- C:\VritualRoot

[2010/12/07 00:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2010/12/07 00:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2010/12/06 02:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/12/06 02:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2010/12/06 02:02:36 | 000,000,000 | ---D | C] -- C:\Users\R.M\Desktop\pic 2

[2010/12/06 00:55:46 | 000,000,000 | ---D | C] -- C:\Users\R.M\Desktop\co

[2010/12/05 04:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2010/12/05 04:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2010/12/05 04:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/12/05 04:43:42 | 000,000,000 | ---D | C] -- C:\Users\R.M\AppData\Roaming\SUPERAntiSpyware.com

[2010/12/05 04:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE

[2010/12/05 04:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/11/30 22:13:10 | 000,000,000 | ---D | C] -- C:\Users\R.M\Desktop\HODVX20492.iwantjav.com

[2010/11/29 18:53:38 | 000,000,000 | ---D | C] -- C:\Users\R.M\AppData\Local\FeudalNate

[2010/11/25 01:36:12 | 000,000,000 | ---D | C] -- C:\Users\R.M\Desktop\mv

[2010/11/15 13:01:34 | 000,000,000 | ---D | C] -- C:\Users\R.M\Desktop\HBO Boxing Pacquiao - Margarito PPV HDRiP XViD

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/09 02:37:29 | 000,080,384 | ---- | M] () -- C:\Users\R.M\Desktop\MBRCheck.exe

[2010/12/09 02:37:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\R.M\Desktop\OTL.exe

[2010/12/09 02:36:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/12/09 02:22:28 | 068,659,550 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2010/12/09 02:13:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/12/09 02:13:07 | 000,000,431 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics

[2010/12/09 02:12:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/09 02:12:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/09 02:12:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/09 02:12:18 | 4156,551,168 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/08 21:20:31 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys

[2010/12/07 18:43:40 | 000,003,567 | ---- | M] () -- C:\Users\R.M\Desktop\Attach.zip

[2010/12/07 17:51:40 | 000,296,448 | ---- | M] () -- C:\Users\R.M\Desktop\gkyjtlx2.exe

[2010/12/07 17:22:21 | 000,000,188 | ---- | M] () -- C:\Users\R.M\defogger_reenable

[2010/12/07 17:19:10 | 000,624,128 | ---- | M] () -- C:\Users\R.M\Desktop\dds.scr

[2010/12/07 17:17:51 | 000,050,477 | ---- | M] () -- C:\Users\R.M\Desktop\Defogger.exe

[2010/12/07 00:48:08 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk

[2010/12/07 00:35:35 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk

[2010/12/07 00:33:24 | 000,001,024 | ---- | M] () -- C:\Users\R.M\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk

[2010/12/06 04:58:57 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/06 02:23:05 | 000,426,642 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2010/12/06 02:04:49 | 000,001,132 | ---- | M] () -- C:\Users\R.M\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/12/06 02:04:49 | 000,001,108 | ---- | M] () -- C:\Users\R.M\Desktop\Spybot - Search & Destroy.lnk

[2010/12/06 00:34:24 | 505,288,614 | ---- | M] () -- C:\Users\R.M\Documents\3.reg

[2010/12/05 23:30:27 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2010/12/05 22:39:26 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/12/05 04:43:38 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/12/04 01:28:28 | 000,001,668 | ---- | M] () -- C:\Users\R.M\Desktop\Fallout3VE - Shortcut.lnk

[2010/12/03 01:12:17 | 000,000,447 | ---- | M] () -- C:\Users\R.M\Desktop\anime - Shortcut.lnk

[2010/12/02 22:46:53 | 000,200,192 | ---- | M] () -- C:\Users\R.M\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/11/26 22:03:35 | 628,942,733 | ---- | M] () -- C:\Users\R.M\Desktop\Inc120ptn.2010.DVDRip_300upload.mkv

[2010/11/26 21:58:25 | 000,000,462 | ---- | M] () -- C:\Users\R.M\Desktop\hjsplit - Shortcut.lnk

[2010/11/26 01:48:33 | 313,595,212 | ---- | M] () -- C:\Users\R.M\Desktop\due128dit.2010.CAM_300upload.mkv

[2010/11/26 00:45:29 | 000,000,104 | ---- | M] () -- C:\Users\R.M\Desktop\Internet - Shortcut.lnk

[2010/11/25 19:38:13 | 789,168,111 | ---- | M] () -- C:\Users\R.M\Desktop\J3D-NoGrp.avi

[2010/11/20 01:53:56 | 000,000,731 | ---- | M] () -- C:\Users\R.M\Desktop\USBXTAFGUI_v32BETA2 - Shortcut.lnk

[2010/11/19 15:55:46 | 000,829,180 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/11/19 15:55:46 | 000,698,382 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/11/19 15:55:46 | 000,143,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/11/16 01:26:49 | 001,638,109 | ---- | M] () -- C:\Users\R.M\Desktop\noc0ns.gif.gif

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/09 02:37:10 | 000,080,384 | ---- | C] () -- C:\Users\R.M\Desktop\MBRCheck.exe

[2010/12/07 18:43:23 | 000,003,567 | ---- | C] () -- C:\Users\R.M\Desktop\Attach.zip

[2010/12/07 17:51:17 | 000,296,448 | ---- | C] () -- C:\Users\R.M\Desktop\gkyjtlx2.exe

[2010/12/07 17:22:20 | 000,000,188 | ---- | C] () -- C:\Users\R.M\defogger_reenable

[2010/12/07 17:18:13 | 000,624,128 | ---- | C] () -- C:\Users\R.M\Desktop\dds.scr

[2010/12/07 17:17:03 | 000,050,477 | ---- | C] () -- C:\Users\R.M\Desktop\Defogger.exe

[2010/12/07 00:35:35 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk

[2010/12/07 00:33:24 | 000,001,024 | ---- | C] () -- C:\Users\R.M\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk

[2010/12/07 00:33:24 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk

[2010/12/06 02:04:49 | 000,001,132 | ---- | C] () -- C:\Users\R.M\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/12/06 02:04:49 | 000,001,108 | ---- | C] () -- C:\Users\R.M\Desktop\Spybot - Search & Destroy.lnk

[2010/12/06 00:33:29 | 505,288,614 | ---- | C] () -- C:\Users\R.M\Documents\3.reg

[2010/12/05 04:55:54 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys

[2010/12/05 04:55:53 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/12/05 04:43:38 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/12/03 01:12:17 | 000,000,447 | ---- | C] () -- C:\Users\R.M\Desktop\anime - Shortcut.lnk

[2010/11/30 21:53:46 | 000,001,668 | ---- | C] () -- C:\Users\R.M\Desktop\Fallout3VE - Shortcut.lnk

[2010/11/26 22:01:26 | 628,942,733 | ---- | C] () -- C:\Users\R.M\Desktop\Inc120ptn.2010.DVDRip_300upload.mkv

[2010/11/26 21:58:25 | 000,000,462 | ---- | C] () -- C:\Users\R.M\Desktop\hjsplit - Shortcut.lnk

[2010/11/26 01:47:57 | 313,595,212 | ---- | C] () -- C:\Users\R.M\Desktop\due128dit.2010.CAM_300upload.mkv

[2010/11/26 00:45:29 | 000,000,104 | ---- | C] () -- C:\Users\R.M\Desktop\Internet - Shortcut.lnk

[2010/11/25 17:47:25 | 789,168,111 | ---- | C] () -- C:\Users\R.M\Desktop\J3D-NoGrp.avi

[2010/11/20 01:53:56 | 000,000,731 | ---- | C] () -- C:\Users\R.M\Desktop\USBXTAFGUI_v32BETA2 - Shortcut.lnk

[2010/11/16 01:26:55 | 001,638,109 | ---- | C] () -- C:\Users\R.M\Desktop\noc0ns.gif.gif

[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/08/03 23:55:07 | 000,000,048 | ---- | C] () -- C:\Windows\cdplayer.ini

[2010/07/26 17:40:37 | 000,440,620 | ---- | C] () -- C:\Users\R.M\AppData\Local\dd_vcredistMSI251B.txt

[2010/07/26 17:40:36 | 000,012,438 | ---- | C] () -- C:\Users\R.M\AppData\Local\dd_vcredistUI251B.txt

[2010/03/04 17:54:19 | 000,000,680 | ---- | C] () -- C:\Users\R.M\AppData\Local\d3d9caps.dat

[2010/03/04 13:55:54 | 000,002,034 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/01/09 20:46:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2010/01/09 20:45:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2010/01/06 13:12:15 | 001,355,899 | ---- | C] () -- C:\Windows\UnInstallNetCommADSL.dll

[2009/07/08 00:36:11 | 000,000,552 | ---- | C] () -- C:\Users\R.M\AppData\Local\d3d8caps.dat

[2009/07/04 19:39:47 | 000,200,192 | ---- | C] () -- C:\Users\R.M\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/04 19:09:45 | 000,766,414 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/07/04 18:55:32 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll

[2009/07/04 18:55:32 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll

[2009/07/04 18:55:32 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll

[2009/07/04 18:55:32 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll

[2009/07/04 18:55:32 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll

[2009/07/04 18:55:32 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll

[2009/07/04 18:39:46 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini

[2009/07/04 18:39:46 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll

[2009/07/04 18:39:46 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini

[2009/07/04 18:37:27 | 000,000,732 | ---- | C] () -- C:\Users\R.M\AppData\Local\d3d9caps64.dat

[2008/07/11 12:53:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2008/01/21 13:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/02/27 22:22:00 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\Bioshock2

[2010/10/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\Bitrix Security

[2010/02/27 20:58:07 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\DAEMON Tools Lite

[2010/04/27 14:20:54 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\Elluminate

[2010/10/01 19:59:01 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\GameTuts

[2010/06/04 22:37:34 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\mkvtoolnix

[2010/07/26 17:54:39 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\Sony

[2010/07/26 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\Sony Setup

[2009/07/04 19:48:45 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\toshiba

[2009/07/20 21:24:30 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\Ulead Systems

[2010/11/15 14:35:07 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\uTorrent

[2010/02/27 21:23:59 | 000,000,000 | ---D | M] -- C:\Users\R.M\AppData\Roaming\Western Digital

[2010/12/08 22:54:39 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

EXTRAS:

OTL Extras logfile created on: 9/12/2010 2:39:27 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\R.M\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free

8.00 Gb Paging File | 5.00 Gb Available in Paging File | 64.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 137.83 Gb Total Space | 20.72 Gb Free Space | 15.03% Space Free | Partition Type: NTFS

Computer Name: RM-PC1 | User Name: R.M | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-198606054-17221615-2712515677-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 70 CF DE 6E 07 95 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00611CE1-9667-42E5-BB48-20AE94786E6D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{196EFE93-CE9C-4AA7-A5F8-E255A6C36254}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{3D943EB9-682B-417E-95D1-F6D3857C1FC7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{4004E92E-7A8F-449A-808A-FE89A7CE20E8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{47F988D5-89D0-49DF-99C7-6A426488118F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{4E1888A4-F334-4323-A13B-870E91F9AAD6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7C4E11D3-5D72-4EAD-B4F9-A4DBF98713CB}" = rport=2869 | protocol=6 | dir=out | app=system |

"{A2EC6ABA-4392-426E-91EC-25313F70C047}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{BDA5E94A-4F4E-47DA-A282-5596624279CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{DB0FE9FF-1A43-4D3C-BF46-4B5D80079B01}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{DD985456-BEC8-46AB-9FC8-0165D6024415}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{DEFF4540-E79A-4903-9C3D-077346C5C2E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E46314C4-DCC5-4B76-A67C-354B3C82CF74}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{EC5BECB8-7B55-404E-BA7B-9593430B2B77}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03D5DB4D-CA39-4E01-9D53-B9EB3EF72823}" = dir=in | app=c:\program files (x86)\avg\avg8\avgam.exe |

"{0A9A161C-60F6-4B24-B152-6EE459DA6304}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{1155F304-36BF-459F-8201-651DB8297681}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |

"{1186335A-9F98-47D0-85B6-20363EEFFB60}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{127AAA1F-96C3-4BAA-AD31-DDAE6C3D07C8}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |

"{23DC49EF-710B-4A4D-A3B0-A02C9518383D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel


MBRCheck:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 64-bit

Base Board Manufacturer: TOSHIBA

BIOS Manufacturer: INSYDE

System Manufacturer: TOSHIBA

System Product Name: Satellite L300

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 154):

Processes (total 116):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-26VAT0, Rev: 11.01A11

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61

Done!


Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Please try this first:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Thanks for your help. It didn't find anything, here is the log:

2010/12/09 06:26:28.0435 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40

2010/12/09 06:26:28.0435 ================================================================================

2010/12/09 06:26:28.0435 SystemInfo:

2010/12/09 06:26:28.0435

2010/12/09 06:26:28.0435 OS Version: 6.0.6002 ServicePack: 2.0

2010/12/09 06:26:28.0435 Product type: Workstation

2010/12/09 06:26:28.0435 ComputerName: RM-PC1

2010/12/09 06:26:28.0440 UserName: R.M

2010/12/09 06:26:28.0440 Windows directory: C:\Windows

2010/12/09 06:26:28.0440 System windows directory: C:\Windows

2010/12/09 06:26:28.0440 Running under WOW64

2010/12/09 06:26:28.0440 Processor architecture: Intel x64

2010/12/09 06:26:28.0440 Number of processors: 2

2010/12/09 06:26:28.0440 Page size: 0x1000

2010/12/09 06:26:28.0440 Boot type: Normal boot

2010/12/09 06:26:28.0440 ================================================================================

2010/12/09 06:26:28.0441 Utility is running under WOW64

2010/12/09 06:26:29.0223 Initialize success

2010/12/09 06:27:21.0178 ================================================================================

2010/12/09 06:27:21.0178 Scan started

2010/12/09 06:27:21.0178 Mode: Manual;

2010/12/09 06:27:21.0178 ================================================================================


2010/12/09 06:27:28.0809 IntcAzAudAddService (1835b384d2d66752ed1460e9085230bd) C:\Windows\system32\drivers\RTKVHD64.sys

2010/12/09 06:27:28.0922 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

2010/12/09 06:27:28.0969 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

2010/12/09 06:27:29.0065 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/12/09 06:27:29.0169 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

2010/12/09 06:27:29.0211 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

2010/12/09 06:27:29.0251 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

2010/12/09 06:27:29.0295 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

2010/12/09 06:27:29.0363 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/12/09 06:27:29.0401 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

2010/12/09 06:27:29.0444 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

2010/12/09 06:27:29.0560 JSWPSLWF (9d86c5091209ca4bd3762bed6f654501) C:\Windows\system32\DRIVERS\jswpslwfx.sys

2010/12/09 06:27:29.0607 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/12/09 06:27:29.0658 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/12/09 06:27:29.0758 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys

2010/12/09 06:27:29.0845 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

2010/12/09 06:27:29.0923 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

2010/12/09 06:27:29.0998 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

2010/12/09 06:27:30.0045 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

2010/12/09 06:27:30.0120 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

2010/12/09 06:27:30.0183 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

2010/12/09 06:27:30.0270 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

2010/12/09 06:27:30.0370 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

2010/12/09 06:27:30.0452 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

2010/12/09 06:27:30.0534 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

2010/12/09 06:27:30.0588 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

2010/12/09 06:27:30.0625 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

2010/12/09 06:27:30.0666 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

2010/12/09 06:27:30.0738 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

2010/12/09 06:27:30.0790 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

2010/12/09 06:27:30.0836 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

2010/12/09 06:27:30.0914 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

2010/12/09 06:27:30.0977 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/12/09 06:27:31.0047 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/12/09 06:27:31.0133 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/12/09 06:27:31.0206 msahci (e7e3e515d1d33a2a372d7fce2bbef5d9) C:\Windows\system32\drivers\msahci.sys

2010/12/09 06:27:31.0262 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

2010/12/09 06:27:31.0336 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

2010/12/09 06:27:31.0419 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

2010/12/09 06:27:31.0507 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

2010/12/09 06:27:31.0561 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/12/09 06:27:31.0595 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

2010/12/09 06:27:31.0673 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

2010/12/09 06:27:31.0743 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/12/09 06:27:31.0819 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

2010/12/09 06:27:31.0868 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

2010/12/09 06:27:31.0972 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

2010/12/09 06:27:32.0077 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

2010/12/09 06:27:32.0152 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/12/09 06:27:32.0203 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/12/09 06:27:32.0279 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/12/09 06:27:32.0346 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

2010/12/09 06:27:32.0419 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

2010/12/09 06:27:32.0534 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

2010/12/09 06:27:32.0652 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

2010/12/09 06:27:32.0728 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

2010/12/09 06:27:32.0789 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

2010/12/09 06:27:32.0923 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

2010/12/09 06:27:33.0066 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

2010/12/09 06:27:33.0120 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

2010/12/09 06:27:33.0161 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

2010/12/09 06:27:33.0218 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

2010/12/09 06:27:33.0360 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys

2010/12/09 06:27:33.0463 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

2010/12/09 06:27:33.0539 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

2010/12/09 06:27:33.0635 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

2010/12/09 06:27:33.0687 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\DRIVERS\pciide.sys

2010/12/09 06:27:33.0733 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

2010/12/09 06:27:33.0804 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

2010/12/09 06:27:34.0018 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

2010/12/09 06:27:34.0078 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

2010/12/09 06:27:34.0185 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

2010/12/09 06:27:34.0263 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

2010/12/09 06:27:34.0367 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

2010/12/09 06:27:34.0433 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

2010/12/09 06:27:34.0480 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

2010/12/09 06:27:34.0554 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/12/09 06:27:34.0639 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/12/09 06:27:34.0699 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

2010/12/09 06:27:34.0776 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

2010/12/09 06:27:34.0849 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/12/09 06:27:34.0911 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

2010/12/09 06:27:34.0963 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

2010/12/09 06:27:35.0028 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

2010/12/09 06:27:35.0197 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

2010/12/09 06:27:35.0290 RTL8169 (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys

2010/12/09 06:27:35.0392 RTSTOR (108729909ce285a352a1d1cb96bb1b2e) C:\Windows\system32\drivers\RTSTOR64.SYS

2010/12/09 06:27:35.0484 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

2010/12/09 06:27:35.0530 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

2010/12/09 06:27:35.0591 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

2010/12/09 06:27:35.0707 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2010/12/09 06:27:35.0761 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

2010/12/09 06:27:35.0810 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

2010/12/09 06:27:35.0849 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

2010/12/09 06:27:35.0922 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

2010/12/09 06:27:35.0961 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

2010/12/09 06:27:36.0003 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

2010/12/09 06:27:36.0044 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

2010/12/09 06:27:36.0105 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

2010/12/09 06:27:36.0166 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

2010/12/09 06:27:36.0265 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

2010/12/09 06:27:36.0358 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

2010/12/09 06:27:36.0496 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys

2010/12/09 06:27:36.0643 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys

2010/12/09 06:27:36.0746 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys

2010/12/09 06:27:36.0810 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys

2010/12/09 06:27:36.0920 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

2010/12/09 06:27:36.0989 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

2010/12/09 06:27:37.0028 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

2010/12/09 06:27:37.0076 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

2010/12/09 06:27:37.0143 SynTP (d8edb37f6e235a47e12f1eafd85c2b6f) C:\Windows\system32\DRIVERS\SynTP.sys

2010/12/09 06:27:37.0302 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys

2010/12/09 06:27:37.0474 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys

2010/12/09 06:27:37.0536 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

2010/12/09 06:27:37.0596 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys

2010/12/09 06:27:37.0664 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

2010/12/09 06:27:37.0700 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

2010/12/09 06:27:37.0772 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

2010/12/09 06:27:37.0845 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

2010/12/09 06:27:37.0995 tos_sps64 (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys

2010/12/09 06:27:38.0084 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/12/09 06:27:38.0143 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

2010/12/09 06:27:38.0209 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

2010/12/09 06:27:38.0281 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

2010/12/09 06:27:38.0333 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

2010/12/09 06:27:38.0398 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

2010/12/09 06:27:38.0513 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

2010/12/09 06:27:38.0573 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

2010/12/09 06:27:38.0633 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

2010/12/09 06:27:38.0689 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

2010/12/09 06:27:38.0745 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

2010/12/09 06:27:38.0852 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/12/09 06:27:38.0894 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

2010/12/09 06:27:38.0960 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

2010/12/09 06:27:39.0031 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

2010/12/09 06:27:39.0103 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

2010/12/09 06:27:39.0173 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

2010/12/09 06:27:39.0242 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

2010/12/09 06:27:39.0308 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/12/09 06:27:39.0390 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/12/09 06:27:39.0466 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys

2010/12/09 06:27:39.0540 USB_RNDIS (f4f8d86e6fcab839438b23dfafc7951f) C:\Windows\system32\DRIVERS\usb8023.sys

2010/12/09 06:27:39.0644 UVCFTR (56ed086f1300ecb1e6f67ac43955e5e9) C:\Windows\system32\Drivers\UVCFTR_S.SYS

2010/12/09 06:27:39.0713 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/12/09 06:27:39.0764 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

2010/12/09 06:27:39.0800 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

2010/12/09 06:27:39.0883 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

2010/12/09 06:27:39.0967 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

2010/12/09 06:27:40.0051 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

2010/12/09 06:27:40.0124 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

2010/12/09 06:27:40.0195 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

2010/12/09 06:27:40.0281 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/09 06:27:40.0320 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/09 06:27:40.0366 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

2010/12/09 06:27:40.0462 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

2010/12/09 06:27:40.0572 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

2010/12/09 06:27:40.0824 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

2010/12/09 06:27:40.0910 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

2010/12/09 06:27:40.0989 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/12/09 06:27:41.0093 ================================================================================

2010/12/09 06:27:41.0093 Scan finished

2010/12/09 06:27:41.0093 ================================================================================

2010/12/09 06:28:21.0776 Deinitialize success


Yeah, I tried it but no luck. Also I tried to research it a bit more and what I found is this:

System Requirements: Combofix currently only works with Windows 2000/XP/Vista/Windows 7 (32-bit).

Why? Due to the architecture in 64-bit windows, drivers need to be digitally signed. Windows 64-bit enforces driver signing so rootkits cannot reside on that system unless someone is going to issue certificates to malware writers. Since drivers need to be specific, 32-bit drivers do not run on a 64-bit operating system. As such, rootkits are not seen as often on 64-bit machines so they are less prone to that type of infection but with technology that may change. Right now, the tool's creator has indicated it is very unlikely that there will be a 64-bit version of ComboFix since that OS is more secure than a 32-bit system.

Note: Although ComboFix will work on Windows 7, it is not officially supported yet so if it is run you will receive a warning message that it is a beta version meant for compatibility testing.

http://www.bleepingcomputer.com/forums/topic273628.html

My operating system is 64 bit I think. Do you reckon this has something to do with it? Also the resident shield alert has not shown up at all in my last 3 open ups with my comp... ever since I updated my AVG it's sort of stopped popping up but my anti virus isn't finding it still.

Do you think it's still there?


Hi, Combofix is 64 bit compatible (although it was not at the time of the post you linked to).

Did you get prompted to uninstall AVG before running Combofix? If not, please do so (we can reinstall it later), because it will interfere with running combofix otherwise.


Elise, I'm telling you right now... you are fricking awesome for your help.

But is it weird that when running combofix - you get access denied at the start? And it didn't reboot despite finding those infections? Here's the log:

ComboFix 10-12-07.06 - R.M 09/12/2010 18:16:49.1.2 - x64

Microsoft


Hi again, glad to hear it ran now. :P How are things running now? Any problem left?

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

  • They are a security risk which can make your computer susceptible to a sm


Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5277

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

9/12/2010 7:52:30 PM

mbam-log-2010-12-09 (19-52-30).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 302680

Time elapsed: 1 hour(s), 1 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Looks good! :) Let's do one last scan to check for leftovers.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  4. Check esetAcceptTerms.png
  5. Click the esetStart.png button.
  6. Accept any security warnings from your browser.
  7. Check esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push esetListThreats.png
  11. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the esetBack.png button.
  13. Push esetFinish.png


That means you're all cleaned up. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :P

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, MBRcheck and OTL.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
