CorvidMoon

Virus/malware that just won't go away and Google redirecting

43 posts in this topic

Greetings,

I have been having malware issues for nearly a month now. Neither Malwarebytes (it will ask me to reboot and I do, but it doesn't do anything towards getting rid of the issues) nor Avira seems to be able to get rid of it. I got the BSoD a few evenings ago but was able to repair my computer enough to get it working reasonably well. It all started as Win 7 Antivirus but seems to have snowballed from there. Google redirecting me to ads just started this morning.

Here is my latest report from malwarebytes, then DDS.txt, and then Attach.txt

I appreciate any help anyone is able to give!

CorvidMoon

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.28.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Atani :: ATANI-PC [administrator]

1/29/2012 6:03:48 AM

mbam-log-2012-01-29 (06-03-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 184877

Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Detected: 2

C:\Windows\Temp\0.8132112012477515.exe (Trojan.FakeMS) -> 2504 -> Delete on reboot.

C:\Windows\svchost.exe (Trojan.Agent) -> 4556 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 5

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|configremote (Trojan.FakeMS) -> Data: C:\ProgramData\configremote.exe -> Quarantined and deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|configremote (Trojan.FakeMS) -> Data: C:\ProgramData\configremote.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|krnlhtml (Trojan.FakeMS) -> Data: C:\windows\system32\config\systemprofile\AppData\Roaming\krnlhtml.exe -> Quarantined and deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|krnlhtml (Trojan.FakeMS) -> Data: C:\windows\system32\config\systemprofile\AppData\Roaming\krnlhtml.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 7

C:\Windows\Temp\0.8132112012477515.exe (Trojan.FakeMS) -> Delete on reboot.

C:\ProgramData\configremote.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

C:\Windows\System32\config\systemprofile\AppData\Roaming\krnlhtml.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

C:\Windows\Temp\0.3594625925060203.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

C:\Windows\Temp\deviceauto.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

C:\Windows\Temp\ikixzkz.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Atani at 18:48:48 on 2012-01-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4059.941 [GMT -6:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\windows\system32\conhost.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\ThpSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

-netsvcs

C:\windows\system32\conhost.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\windows\system32\taskeng.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\ltmoh\ltmoh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\TEco.exe

C:\Windows\System32\ThpSrv.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\igfxext.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\TOSHIBA\rselect\RSelSvc.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

uRun: [conhost] C:\Users\Atani\AppData\Roaming\Microsoft\conhost.exe

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [backupNowEZtray] "C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini

dRun: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{0A49CD56-EDC2-43B6-B4B7-5AE244BECB66} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{0A49CD56-EDC2-43B6-B4B7-5AE244BECB66}\2375942554430343 : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [backupNowEZtray] "C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k

mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini

Hosts: 94.63.240.133 www.google.com

Hosts: 94.63.240.134 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Atani\AppData\Roaming\Mozilla\Firefox\Profiles\sdps91d4.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.mail.yahoo.com/

FF - prefs.js: network.proxy.type - 4

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Atani\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 PMCF;PMCF;\??\C:\windows\system32\drivers\PMCF.sys --> C:\windows\system32\drivers\PMCF.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-15 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-15 269480]

R2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]

R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2010-2-22 45312]

R2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?]

R2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?]

R2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]

R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-8 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-9-17 137560]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S2 0168891292591375mcinstcleanup;McAfee Application Installer Cleanup (0168891292591375);C:\Users\Atani\AppData\Local\Temp\016889~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Users\Atani\AppData\Local\Temp\016889~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-30 135664]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-30 135664]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]

.

=============== Created Last 30 ================

.

2012-01-29 12:12:44 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%

2012-01-29 11:29:46 20480 ------w- C:\windows\svchost.exe

2012-01-13 09:08:06 514560 ----a-w- C:\windows\SysWow64\qdvd.dll

2012-01-13 09:08:06 366592 ----a-w- C:\windows\System32\qdvd.dll

2012-01-13 09:08:06 1572864 ----a-w- C:\windows\System32\quartz.dll

2012-01-13 09:08:05 1328128 ----a-w- C:\windows\SysWow64\quartz.dll

2012-01-13 09:01:11 1731920 ----a-w- C:\windows\System32\ntdll.dll

2012-01-13 09:01:10 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll

2012-01-13 09:00:53 77312 ----a-w- C:\windows\System32\packager.dll

2012-01-13 09:00:53 67072 ----a-w- C:\windows\SysWow64\packager.dll

2012-01-07 11:52:21 -------- d-----w- C:\Users\Atani\AppData\Local\Scansoft

2012-01-07 06:11:29 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-01-06 00:55:28 -------- d-----w- C:\Users\Atani\AppData\Roaming\Nuance

2012-01-06 00:34:56 -------- d-----w- C:\Program Files (x86)\Common Files\ScanSoft Shared

2012-01-06 00:34:55 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance

2012-01-06 00:31:29 -------- d-----w- C:\ProgramData\Nuance

2012-01-06 00:31:29 -------- d-----w- C:\Program Files (x86)\Nuance

2012-01-04 16:25:46 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-04 16:25:46 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-04 16:25:46 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-04 16:25:46 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2012-01-03 23:59:13 -------- d-----w- C:\Program Files (x86)\MHTML Converter

.

==================== Find3M ====================

.

2011-12-10 21:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys

2011-11-05 05:41:43 1188864 ----a-w- C:\windows\System32\wininet.dll

2011-11-05 05:32:50 2048 ----a-w- C:\windows\System32\tzres.dll

2011-11-05 04:35:00 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2011-11-05 04:26:03 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2011-11-05 03:32:47 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2011-11-05 02:48:51 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

.

============= FINISH: 18:49:34.56 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/30/2010 1:08:37 PM

System Uptime: 1/29/2012 5:37:45 PM (1 hours ago)

.

Motherboard: TOSHIBA | | To be filled by O.E.M.

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | CPU 1 | 2100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 280 GiB total, 220.039 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP180: 1/13/2012 3:00:24 AM - Windows Update

RP181: 1/21/2012 12:01:44 AM - Scheduled Checkpoint

RP182: 1/29/2012 2:03:07 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1

Avira AntiVir Personal - Free Antivirus

Canon DIGITAL CAMERA Solution Disk Software Guide

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon MP Navigator EX 2.0

Canon Personal Printing Guide

Canon PowerShot SX20 IS Camera User Guide

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC 8

Canon Utilities MyCamera

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Compatibility Pack for the 2007 Office system

D3DX10

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Direct DiscRecorder

Dragon NaturallySpeaking 10

DVD MovieFactory for TOSHIBA

Google Toolbar for Internet Explorer

Google Update Helper

HGTV Home and Landscape Platinum Suite

Ingram Media Manager

Java™ 6 Update 14

Junk Mail filter update

Malwarebytes Anti-Malware version 1.60.0.1800

MHTML Converter

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyToshiba

NetZero Launcher

NTI Backup Now EZ

Origin

Quickbooks Financial Center

Realtek 8136 8168 8169 Ethernet Driver

Realtek High Definition Audio Driver

Realtek WLAN Driver

RICOH R5U230 Media Driver ver.2.06.03.02

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Skype Launcher

SPORE™

Toshiba Application Installer

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA DVD PLAYER

TOSHIBA eco Utility

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Internal Modem Region Select Utility

Toshiba Online Backup

Toshiba Quality Application

TOSHIBA Service Station

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA USB Sleep and Charge Utility

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

ToshibaRegistration

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

WildTangent Games

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Install Manager

.

==== Event Viewer Messages From Past Week ========

.

1/29/2012 6:18:07 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

1/29/2012 6:14:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Agere Modem Call Progress Audio service to connect.

1/29/2012 6:14:43 AM, Error: Service Control Manager [7000] - The Agere Modem Call Progress Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/29/2012 6:12:32 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

1/29/2012 6:11:45 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

1/29/2012 6:11:44 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

1/29/2012 6:11:43 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

1/29/2012 5:46:15 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

1/28/2012 5:27:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

1/24/2012 8:23:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a00093f000, 0x0000000000000000, 0xfffff80002d3038e, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 012412-26239-01.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any USB or external drives from the computer before you run these scans!

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

-------------

Next..........

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

-------------------------

Last.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes, depending on your hard drive size.

Two reports will open; copy and paste them in a reply here (or attach them as .txt files):

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Thanks so much for helping me!

farbar:

Farbar Service Scanner Version: 01-02-2012 03

Ran by Atani (administrator) on 01-02-2012 at 11:59:41

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

IE proxy is enabled.

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.

Windows Update:

===========

BITS Service is not running. Checking service configuration:

The start type of BITS service is set to Demand. The default start type is Auto.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Roguekiller:

RogueKiller V7.0.2 [01/30/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Atani [Admin rights]

Mode: Scan -- Date : 02/01/2012 12:02:28

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[HJ NAME] HKCU\[...]\Run : conhost (C:\Users\Atani\AppData\Roaming\Microsoft\conhost.exe) -> FOUND

[HJ NAME] HKUS\S-1-5-21-511026275-2681559148-2892065646-1001[...]\Run : conhost (C:\Users\Atani\AppData\Roaming\Microsoft\conhost.exe) -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[FOLDER] plugs : c:\users\atani\appdata\roaming\adobe\plugs --> FOUND

[FOLDER] shed : c:\users\atani\appdata\roaming\adobe\shed --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

94.63.240.133 www.google.com

94.63.240.134 www.bing.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MJA2320BH G2 +++++

--- User ---

[MBR] 7a448f4206b038b42f8d8f86c48af34b

[BSP] cb2094e11372bb77babc5d916b02aff7 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 287000 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 590850048 | Size: 16743 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 52377e3afa86618b964ab573e1209a1c

[BSP] 4a455545efb56b9fdd8afc5f328ca0bf : PiHar MBR Code!

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 287000 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 590850048 | Size: 16743 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 52377e3afa86618b964ab573e1209a1c

[BSP] 4a455545efb56b9fdd8afc5f328ca0bf : PiHar MBR Code!

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 287000 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 590850048 | Size: 16743 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

Otl:

OTL logfile created on: 2/1/2012 12:04:33 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Atani\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 56.01% Memory free

7.93 Gb Paging File | 5.97 Gb Available in Paging File | 75.27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 280.27 Gb Total Space | 218.26 Gb Free Space | 77.87% Space Free | Partition Type: NTFS

Drive D: | 1.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ATANI-PC | User Name: Atani | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/01 12:03:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Atani\Desktop\OTL.exe

PRC - [2012/02/01 12:02:05 | 001,201,664 | ---- | M] () -- C:\Users\Atani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NLQTUZ32\RogueKiller[1].exe

PRC - [2012/01/10 05:11:03 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2012/01/04 10:25:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2011/06/28 20:59:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/04/27 18:17:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2010/11/30 18:13:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/02/22 09:44:20 | 000,577,792 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe

PRC - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe

PRC - [2009/09/03 16:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2009/08/11 12:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/02 12:05:00 | 000,252,288 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2008/09/25 16:49:00 | 000,195,080 | ---- | M] (LSI Corp.) -- C:\Program Files\ltmoh\ltmoh.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/04 10:25:46 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2011/06/16 21:49:16 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2008/09/29 16:37:44 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\sqlite3.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/17 14:41:36 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/08/27 14:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2009/08/21 10:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/08/04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2009/07/28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2009/07/08 10:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)

SRV:64bit: - [2009/07/07 10:38:24 | 000,065,904 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)

SRV:64bit: - [2009/03/27 19:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV - [2011/06/28 20:59:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/04/27 18:17:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)

SRV - [2009/08/10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/28 21:00:02 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011/06/28 21:00:02 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/10/02 12:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2009/08/27 09:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/28 19:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)

DRV:64bit: - [2009/07/28 11:10:44 | 000,016,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PMCF.sys -- (PMCF)

DRV:64bit: - [2009/07/24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2009/07/21 15:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 17:36:22 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2009/07/13 15:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/07/04 20:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)

DRV:64bit: - [2009/07/02 09:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)

DRV:64bit: - [2009/06/29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)

DRV:64bit: - [2009/06/29 11:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)

DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/05/05 15:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 15:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-511026275-2681559148-2892065646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE - HKU\S-1-5-21-511026275-2681559148-2892065646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE - HKU\S-1-5-21-511026275-2681559148-2892065646-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.mail.yahoo.com/"

FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Atani\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/04 10:25:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/27 21:30:52 | 000,000,000 | ---D | M]

[2010/09/30 12:15:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Atani\AppData\Roaming\Mozilla\Extensions

[2012/01/13 19:04:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Atani\AppData\Roaming\Mozilla\Firefox\Profiles\sdps91d4.default\extensions

[2011/03/30 09:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

() (No name found) -- C:\USERS\ATANI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDPS91D4.DEFAULT\EXTENSIONS\ES-MX@DICTIONARIES.ADDONS.MOZILLA.ORG.XPI

[2012/01/04 10:25:48 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/01/04 10:25:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/01/04 10:25:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/29 00:51:53 | 000,000,884 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 94.63.240.133 www.google.com

O1 - Hosts: 94.63.240.134 www.bing.com

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-511026275-2681559148-2892065646-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [] File not found

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (LSI Corp.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found

O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-511026275-2681559148-2892065646-1001..\Run: [conhost] C:\Users\Atani\AppData\Roaming\Microsoft\conhost.exe File not found

O4 - HKU\S-1-5-21-511026275-2681559148-2892065646-1001..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A49CD56-EDC2-43B6-B4B7-5AE244BECB66}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/16 18:02:32 | 000,000,027 | R--- | M] () - D:\Autorun.inf -- [ UDF ]

O33 - MountPoints2\{5d398463-8af4-11df-914c-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{5d398463-8af4-11df-914c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2009/03/16 18:11:13 | 000,423,408 | R--- | M] (Nuance Communications Inc. )

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-511026275-2681559148-2892065646-1001..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-511026275-2681559148-2892065646-1001\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/01 12:03:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Atani\Desktop\OTL.exe

[2012/02/01 12:02:08 | 000,000,000 | ---D | C] -- C:\Users\Atani\Desktop\RK_Quarantine

[2012/01/29 06:12:44 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%

[2012/01/24 20:23:17 | 000,000,000 | ---D | C] -- C:\windows\Minidump

[2012/01/24 20:16:56 | 000,000,000 | ---D | C] -- C:\windows\Sun

[2012/01/07 05:52:21 | 000,000,000 | ---D | C] -- C:\Users\Atani\AppData\Local\Scansoft

[2012/01/07 00:11:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2012/01/05 18:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield

[2012/01/05 18:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/01/05 18:55:28 | 000,000,000 | ---D | C] -- C:\Users\Atani\AppData\Roaming\Nuance

[2012/01/05 18:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 10.0

[2012/01/05 18:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared

[2012/01/05 18:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft

[2012/01/05 18:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance

[2012/01/05 18:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance

[2012/01/05 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance

[2012/01/03 18:02:03 | 000,000,000 | ---D | C] -- C:\Users\Atani\Desktop\Necropsy Reports

[2012/01/03 18:00:23 | 000,000,000 | ---D | C] -- C:\Users\Atani\Desktop\10-20-11 khulis marmoset #6556

[2012/01/03 18:00:23 | 000,000,000 | ---D | C] -- C:\Users\Atani\Desktop\10-20-11 khulis marmoset #6555

[2012/01/03 17:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MHTML Converter

[2012/01/03 17:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MHTML Converter

[2012/01/03 17:58:26 | 000,197,893 | ---- | C] (Daniel Pedigo) -- C:\Users\Atani\Desktop\MHTML-Converter-Setup.exe

[4 C:\Users\Atani\Documents\*.tmp files -> C:\Users\Atani\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/01 12:03:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Atani\Desktop\OTL.exe

[2012/02/01 11:38:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/01 11:30:03 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/01 03:28:01 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/01 03:28:01 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/01 03:27:45 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/02/01 03:27:45 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/02/01 03:27:45 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/02/01 03:20:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/02/01 03:20:16 | 3192,262,656 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/31 19:32:57 | 000,000,526 | ---- | M] () -- C:\windows\tasks\NatSpeak Periodic Language Model Optimization.job

[2012/01/29 18:08:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Atani\Desktop\dds.scr

[2012/01/26 13:00:42 | 000,000,502 | ---- | M] () -- C:\windows\tasks\NatSpeak Periodic Acoustic Optimization.job

[2012/01/24 20:23:08 | 166,444,544 | ---- | M] () -- C:\windows\MEMORY.DMP

[2012/01/06 23:40:52 | 000,001,675 | ---- | M] () -- C:\Users\Atani\AppData\Roaming\SAS7_000.DAT

[2012/01/05 18:54:57 | 000,002,799 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk

[2012/01/04 10:26:04 | 000,002,063 | ---- | M] () -- C:\Users\Atani\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/01/04 09:43:45 | 000,011,318 | -HS- | M] () -- C:\Users\Atani\AppData\Local\uoe838qn1qnc32yu2q664g3nimdcl7bu7wrib

[2012/01/04 09:43:45 | 000,011,318 | -HS- | M] () -- C:\ProgramData\uoe838qn1qnc32yu2q664g3nimdcl7bu7wrib

[2012/01/03 17:59:46 | 000,023,337 | ---- | M] () -- C:\Users\Atani\Desktop\10-20-11 khulis marmoset #6555.mht

[2012/01/03 17:58:26 | 000,197,893 | ---- | M] (Daniel Pedigo) -- C:\Users\Atani\Desktop\MHTML-Converter-Setup.exe

[4 C:\Users\Atani\Documents\*.tmp files -> C:\Users\Atani\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 20:23:08 | 166,444,544 | ---- | C] () -- C:\windows\MEMORY.DMP

[2012/01/05 19:45:31 | 000,001,675 | ---- | C] () -- C:\Users\Atani\AppData\Roaming\SAS7_000.DAT

[2012/01/05 19:44:26 | 000,000,526 | ---- | C] () -- C:\windows\tasks\NatSpeak Periodic Language Model Optimization.job

[2012/01/05 19:44:25 | 000,000,502 | ---- | C] () -- C:\windows\tasks\NatSpeak Periodic Acoustic Optimization.job

[2012/01/05 18:54:57 | 000,002,799 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk

[2012/01/03 23:39:06 | 000,011,318 | -HS- | C] () -- C:\Users\Atani\AppData\Local\uoe838qn1qnc32yu2q664g3nimdcl7bu7wrib

[2012/01/03 23:39:06 | 000,011,318 | -HS- | C] () -- C:\ProgramData\uoe838qn1qnc32yu2q664g3nimdcl7bu7wrib

[2012/01/03 17:59:46 | 000,023,337 | ---- | C] () -- C:\Users\Atani\Desktop\10-20-11 khulis marmoset #6555.mht

[2011/12/29 18:37:39 | 000,009,188 | -HS- | C] () -- C:\Users\Atani\AppData\Local\sev68fq41yk1qbmnnfrx803860r6kgy265y01qxpow6

[2011/12/29 18:37:39 | 000,009,188 | -HS- | C] () -- C:\ProgramData\sev68fq41yk1qbmnnfrx803860r6kgy265y01qxpow6

[2011/12/21 11:04:19 | 000,011,170 | -HS- | C] () -- C:\Users\Atani\AppData\Local\wnvmdd1a4gvf4tdl1nup0y664v8u

[2011/12/21 11:04:19 | 000,011,170 | -HS- | C] () -- C:\ProgramData\wnvmdd1a4gvf4tdl1nup0y664v8u

[2011/12/19 22:47:41 | 000,011,650 | -HS- | C] () -- C:\Users\Atani\AppData\Local\gvwxmx4a6mpq6fpy7ogq7g473s8k

[2011/12/19 22:47:41 | 000,011,650 | -HS- | C] () -- C:\ProgramData\gvwxmx4a6mpq6fpy7ogq7g473s8k

[2011/12/07 02:10:26 | 000,010,388 | -HS- | C] () -- C:\Users\Atani\AppData\Local\811850x7d643j541e433b1rwv2b7

[2011/12/07 02:10:26 | 000,010,388 | -HS- | C] () -- C:\ProgramData\811850x7d643j541e433b1rwv2b7

[2011/05/27 21:06:26 | 000,000,160 | ---- | C] () -- C:\ProgramData\~46651724r

[2011/05/27 21:06:23 | 000,000,136 | ---- | C] () -- C:\ProgramData\~46651724

[2011/05/27 21:05:59 | 000,000,344 | ---- | C] () -- C:\ProgramData\46651724

[2011/05/27 21:00:21 | 000,000,000 | -H-- | C] () -- C:\Users\Atani\AppData\Local\Ccugowo.bin

[2011/05/27 21:00:20 | 000,000,120 | -H-- | C] () -- C:\Users\Atani\AppData\Local\Xpicu.dat

[2011/05/27 20:58:47 | 000,011,362 | -HS- | C] () -- C:\Users\Atani\AppData\Local\vj28e45p48j4ud2it7f60757238g166fes853a7b58t8w4j

[2011/05/27 20:58:47 | 000,011,362 | -HS- | C] () -- C:\ProgramData\vj28e45p48j4ud2it7f60757238g166fes853a7b58t8w4j

[2011/05/27 20:56:19 | 000,007,322 | -H-- | C] () -- C:\Users\Atani\AppData\Roaming\262A.92C

[2011/05/23 21:21:37 | 000,012,656 | -HS- | C] () -- C:\Users\Atani\AppData\Local\p80yr1q6khf8744k787c8p2da1mtj26a0v25m83be2

[2011/05/23 21:21:37 | 000,012,656 | -HS- | C] () -- C:\ProgramData\p80yr1q6khf8744k787c8p2da1mtj26a0v25m83be2

[2011/05/15 21:14:29 | 000,009,422 | -HS- | C] () -- C:\Users\Atani\AppData\Local\t2ybcc7v0fo3v477kk270ad

[2011/05/15 21:14:29 | 000,009,422 | -HS- | C] () -- C:\ProgramData\t2ybcc7v0fo3v477kk270ad

[2010/12/17 16:12:00 | 000,000,132 | -H-- | C] () -- C:\Users\Atani\AppData\Roaming\wklnhst.dat

[2010/09/30 12:10:39 | 000,000,014 | RHS- | C] () -- C:\windows\SysWow64\drivers\fbd.sys

[2010/07/08 19:19:15 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

[2009/09/05 00:32:40 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2009/08/27 09:05:12 | 000,982,220 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin

[2009/08/27 09:05:12 | 000,439,300 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin

[2009/08/27 09:05:12 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin

[2009/08/27 09:05:12 | 000,092,216 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin

[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT

[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat

[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll

[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/07 18:15:04 | 000,000,000 | -H-D | M] -- C:\Users\Atani\AppData\Roaming\Canon

[2012/01/05 18:55:28 | 000,000,000 | ---D | M] -- C:\Users\Atani\AppData\Roaming\Nuance

[2011/08/20 21:54:38 | 000,000,000 | ---D | M] -- C:\Users\Atani\AppData\Roaming\Origin

[2011/08/31 19:46:14 | 000,000,000 | ---D | M] -- C:\Users\Atani\AppData\Roaming\SPORE

[2010/12/17 16:12:01 | 000,000,000 | -H-D | M] -- C:\Users\Atani\AppData\Roaming\Template

[2011/06/02 16:54:00 | 000,000,000 | ---D | M] -- C:\Users\Atani\AppData\Roaming\Unity

[2010/09/30 12:09:45 | 000,000,000 | -H-D | M] -- C:\Users\Atani\AppData\Roaming\WinBatch

[2012/01/26 13:00:42 | 000,000,502 | ---- | M] () -- C:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job

[2012/01/31 19:32:57 | 000,000,526 | ---- | M] () -- C:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job

[2009/07/13 23:08:49 | 000,031,676 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >

And extras:

OTL Extras logfile created on: 2/1/2012 12:04:33 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Atani\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 56.01% Memory free

7.93 Gb Paging File | 5.97 Gb Available in Paging File | 75.27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 280.27 Gb Total Space | 218.26 Gb Free Space | 77.87% Space Free | Partition Type: NTFS

Drive D: | 1.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ATANI-PC | User Name: Atani | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-511026275-2681559148-2892065646-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center

"{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"HDMI" = Intel® Graphics Media Accelerator Driver

"LTMOH" = LSI V92 MOH Application

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba

"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.03.02

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1707FF35-300D-4C78-A94A-2E3D515F6DB3}" = Ingram Media Manager

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration

"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer

"{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™

"{9FE10246-A876-4979-B345-CADE6863BD8E}" = TOSHIBA Supervisor Password

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{ADEE84F6-E408-4F1A-B58E-3C4723B1613E}" = HGTV Home and Landscape Platinum Suite

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5D8637D-FA1C-4CAD-91FC-4ADB1C284A21}" = TOSHIBA Hardware Setup

"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application

"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CameraUserGuide-PSSX20IS" = Canon PowerShot SX20 IS Camera User Guide

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDC8" = Canon Utilities CameraWindow DC 8

"CameraWindowLauncher" = Canon Utilities CameraWindow

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA

"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility

"InstallShield_{ADEE84F6-E408-4F1A-B58E-3C4723B1613E}" = HGTV Home and Landscape Platinum Suite

"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"MHTML Converter" = MHTML Converter

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)

"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0

"MyCamera" = Canon Utilities MyCamera

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Origin" = Origin

"Personal Printing Guide" = Canon Personal Printing Guide

"PhotoStitch" = Canon Utilities PhotoStitch

"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide

"WildTangent toshiba Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"YInstHelper" = Yahoo! Install Manager

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-511026275-2681559148-2892065646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 8/24/2011 9:58:29 PM | Computer Name = Atani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/24/2011 10:30:30 PM | Computer Name = Atani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/24/2011 10:30:30 PM | Computer Name = Atani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/24/2011 11:22:11 PM | Computer Name = Atani-PC | Source = Microsoft-Windows-Defrag | ID = 257

Description =

Error - 8/24/2011 11:26:59 PM | Computer Name = Atani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/24/2011 11:26:59 PM | Computer Name = Atani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/24/2011 11:26:59 PM | Computer Name = Atani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/24/2011 11:26:59 PM | Computer Name = Atani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/24/2011 11:28:03 PM | Computer Name = Atani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/24/2011 11:28:03 PM | Computer Name = Atani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

[ System Events ]

Error - 1/29/2012 8:11:44 AM | Computer Name = Atani-PC | Source = Service Control Manager | ID = 7003

Description = The IPsec Policy Agent service depends the following service: BFE.

This service might not be installed.

Error - 1/29/2012 8:11:45 AM | Computer Name = Atani-PC | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 1/29/2012 8:12:32 AM | Computer Name = Atani-PC | Source = Service Control Manager | ID = 7024

Description = The HomeGroup Listener service terminated with service-specific error

%%-2147023143.

Error - 1/29/2012 8:14:43 AM | Computer Name = Atani-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Agere

Modem Call Progress Audio service to connect.

Error - 1/29/2012 8:14:43 AM | Computer Name = Atani-PC | Source = Service Control Manager | ID = 7000

Description = The Agere Modem Call Progress Audio service failed to start due to

the following error: %%1053

Error - 1/29/2012 8:18:07 AM | Computer Name = Atani-PC | Source = Service Control Manager | ID = 7022

Description = The Windows Update service hung on starting.

Error - 2/1/2012 5:20:36 AM | Computer Name = Atani-PC | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 2/1/2012 5:20:37 AM | Computer Name = Atani-PC | Source = Service Control Manager | ID = 7003

Description = The IKE and AuthIP IPsec Keying Modules service depends the following

service: BFE. This service might not be installed.

Error - 2/1/2012 5:20:37 AM | Computer Name = Atani-PC | Source = Service Control Manager | ID = 7003

Description = The IPsec Policy Agent service depends the following service: BFE.

This service might not be installed.

Error - 2/1/2012 1:30:25 PM | Computer Name = Atani-PC | Source = Service Control Manager | ID = 7024

Description = The HomeGroup Listener service terminated with service-specific error

%%-2147023143.

< End of report >


You have a nice infection there.

Please run RogueKiller again > Click Scan > then Delete > then HostFix

Post back the log.

------------------------------

Next......

Please download and run TDSSKiller as outlined in the post below:

http://forums.malwar...howtopic=104821

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic, please choose Skip, click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Post back the log, MrC


I was afraid it was a good infection.

RogueKiller:

RogueKiller V7.0.2 [01/30/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Atani [Admin rights]

Mode: HOSTSFix -- Date : 02/01/2012 17:10:38

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ Resetted HOSTS: ¤¤¤

127.0.0.1 localhost

Finished : << RKreport[5].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

TDSSKiller wants to reboot, will post the log afterwards.


Never mind, I found the TDSSKiller log:

17:20:50.0069 6504 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

17:20:50.0469 6504 ============================================================

17:20:50.0469 6504 Current date / time: 2012/02/01 17:20:50.0469

17:20:50.0469 6504 SystemInfo:

17:20:50.0469 6504

17:20:50.0469 6504 OS Version: 6.1.7601 ServicePack: 1.0

17:20:50.0469 6504 Product type: Workstation

17:20:50.0469 6504 ComputerName: ATANI-PC

17:20:50.0469 6504 UserName: Atani

17:20:50.0469 6504 Windows directory: C:\windows

17:20:50.0469 6504 System windows directory: C:\windows

17:20:50.0469 6504 Running under WOW64

17:20:50.0470 6504 Processor architecture: Intel x64

17:20:50.0470 6504 Number of processors: 2

17:20:50.0470 6504 Page size: 0x1000

17:20:50.0470 6504 Boot type: Normal boot

17:20:50.0470 6504 ============================================================

17:20:51.0237 6504 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:20:51.0243 6504 \Device\Harddisk0\DR0:

17:20:51.0243 6504 MBR used

17:20:51.0243 6504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2308C000

17:20:51.0269 6504 Initialize success

17:20:51.0269 6504 ============================================================

17:21:34.0503 3216 ============================================================

17:21:34.0503 3216 Scan started

17:21:34.0503 3216 Mode: Manual; SigCheck; TDLFS;

17:21:34.0503 3216 ============================================================

17:21:35.0242 3216 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

17:21:35.0370 3216 1394ohci - ok

17:21:35.0503 3216 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

17:21:35.0524 3216 ACPI - ok

17:21:35.0624 3216 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

17:21:35.0734 3216 AcpiPmi - ok

17:21:35.0841 3216 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys

17:21:35.0880 3216 adp94xx - ok

17:21:35.0964 3216 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys

17:21:35.0999 3216 adpahci - ok

17:21:36.0084 3216 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys

17:21:36.0110 3216 adpu320 - ok

17:21:36.0172 3216 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys

17:21:36.0262 3216 AFD - ok

17:21:36.0373 3216 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\windows\system32\DRIVERS\agrsm64.sys

17:21:36.0475 3216 AgereSoftModem - ok

17:21:36.0557 3216 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

17:21:36.0579 3216 agp440 - ok

17:21:36.0692 3216 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

17:21:36.0711 3216 aliide - ok

17:21:36.0734 3216 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

17:21:36.0746 3216 amdide - ok

17:21:36.0841 3216 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys

17:21:36.0905 3216 AmdK8 - ok

17:21:36.0988 3216 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

17:21:37.0038 3216 AmdPPM - ok

17:21:37.0143 3216 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

17:21:37.0165 3216 amdsata - ok

17:21:37.0278 3216 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys

17:21:37.0303 3216 amdsbs - ok

17:21:37.0392 3216 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

17:21:37.0414 3216 amdxata - ok

17:21:37.0547 3216 ApfiltrService (1661f9c9e4b0049fa0a5e30264375a87) C:\windows\system32\DRIVERS\Apfiltr.sys

17:21:37.0607 3216 ApfiltrService - ok

17:21:37.0712 3216 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

17:21:37.0785 3216 AppID - ok

17:21:37.0878 3216 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys

17:21:37.0893 3216 arc - ok

17:21:37.0918 3216 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys

17:21:37.0933 3216 arcsas - ok

17:21:38.0011 3216 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

17:21:38.0167 3216 AsyncMac - ok

17:21:38.0286 3216 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

17:21:38.0298 3216 atapi - ok

17:21:38.0532 3216 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\windows\system32\drivers\atikmdag.sys

17:21:38.0777 3216 atikmdag - ok

17:21:38.0899 3216 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\windows\system32\DRIVERS\avgntflt.sys

17:21:38.0912 3216 avgntflt - ok

17:21:38.0993 3216 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\windows\system32\DRIVERS\avipbb.sys

17:21:39.0009 3216 avipbb - ok

17:21:39.0106 3216 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys

17:21:39.0202 3216 b06bdrv - ok

17:21:39.0289 3216 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

17:21:39.0329 3216 b57nd60a - ok

17:21:39.0432 3216 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

17:21:39.0526 3216 Beep - ok

17:21:39.0624 3216 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

17:21:39.0673 3216 blbdrive - ok

17:21:39.0796 3216 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

17:21:39.0858 3216 bowser - ok

17:21:39.0947 3216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

17:21:40.0021 3216 BrFiltLo - ok

17:21:40.0107 3216 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

17:21:40.0135 3216 BrFiltUp - ok

17:21:40.0183 3216 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

17:21:40.0249 3216 Brserid - ok

17:21:40.0293 3216 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

17:21:40.0334 3216 BrSerWdm - ok

17:21:40.0415 3216 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

17:21:40.0458 3216 BrUsbMdm - ok

17:21:40.0541 3216 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

17:21:40.0579 3216 BrUsbSer - ok

17:21:40.0678 3216 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

17:21:40.0723 3216 BTHMODEM - ok

17:21:40.0837 3216 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

17:21:40.0912 3216 cdfs - ok

17:21:41.0024 3216 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys

17:21:41.0080 3216 cdrom - ok

17:21:41.0200 3216 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

17:21:41.0246 3216 circlass - ok

17:21:41.0342 3216 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

17:21:41.0373 3216 CLFS - ok

17:21:41.0475 3216 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

17:21:41.0523 3216 CmBatt - ok

17:21:41.0617 3216 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

17:21:41.0637 3216 cmdide - ok

17:21:41.0747 3216 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

17:21:41.0817 3216 CNG - ok

17:21:41.0905 3216 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

17:21:41.0925 3216 Compbatt - ok

17:21:42.0029 3216 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys

17:21:42.0078 3216 CompositeBus - ok

17:21:42.0178 3216 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

17:21:42.0195 3216 crcdisk - ok

17:21:42.0329 3216 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

17:21:42.0388 3216 DfsC - ok

17:21:42.0482 3216 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

17:21:42.0553 3216 discache - ok

17:21:42.0653 3216 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

17:21:42.0675 3216 Disk - ok

17:21:42.0779 3216 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

17:21:42.0803 3216 drmkaud - ok

17:21:42.0911 3216 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

17:21:42.0967 3216 DXGKrnl - ok

17:21:43.0130 3216 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

17:21:43.0262 3216 ebdrv - ok

17:21:43.0368 3216 ekqrsbuy - ok

17:21:43.0457 3216 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

17:21:43.0484 3216 elxstor - ok

17:21:43.0560 3216 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

17:21:43.0597 3216 ErrDev - ok

17:21:43.0706 3216 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

17:21:43.0789 3216 exfat - ok

17:21:43.0879 3216 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

17:21:43.0950 3216 fastfat - ok

17:21:44.0053 3216 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

17:21:44.0120 3216 fdc - ok

17:21:44.0213 3216 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

17:21:44.0232 3216 FileInfo - ok

17:21:44.0325 3216 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

17:21:44.0393 3216 Filetrace - ok

17:21:44.0478 3216 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

17:21:44.0515 3216 flpydisk - ok

17:21:44.0605 3216 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

17:21:44.0634 3216 FltMgr - ok

17:21:44.0690 3216 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

17:21:44.0703 3216 FsDepends - ok

17:21:44.0773 3216 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

17:21:44.0793 3216 Fs_Rec - ok

17:21:44.0895 3216 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

17:21:44.0924 3216 fvevol - ok

17:21:45.0007 3216 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

17:21:45.0028 3216 gagp30kx - ok

17:21:45.0152 3216 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

17:21:45.0230 3216 hcw85cir - ok

17:21:45.0331 3216 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

17:21:45.0368 3216 HdAudAddService - ok

17:21:45.0470 3216 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

17:21:45.0505 3216 HDAudBus - ok

17:21:45.0597 3216 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

17:21:45.0640 3216 HidBatt - ok

17:21:45.0722 3216 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

17:21:45.0784 3216 HidBth - ok

17:21:45.0868 3216 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

17:21:45.0920 3216 HidIr - ok

17:21:46.0037 3216 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

17:21:46.0077 3216 HidUsb - ok

17:21:46.0205 3216 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

17:21:46.0226 3216 HpSAMD - ok

17:21:46.0333 3216 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

17:21:46.0438 3216 HTTP - ok

17:21:46.0531 3216 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

17:21:46.0551 3216 hwpolicy - ok

17:21:46.0639 3216 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys

17:21:46.0662 3216 i8042prt - ok

17:21:46.0761 3216 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\windows\system32\DRIVERS\iaStor.sys

17:21:46.0782 3216 iaStor - ok

17:21:46.0887 3216 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

17:21:46.0923 3216 iaStorV - ok

17:21:47.0203 3216 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\windows\system32\DRIVERS\igdkmd64.sys

17:21:47.0490 3216 igfx - ok

17:21:47.0623 3216 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

17:21:47.0643 3216 iirsp - ok

17:21:47.0783 3216 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\windows\system32\drivers\RTKVHD64.sys

17:21:47.0850 3216 IntcAzAudAddService - ok

17:21:47.0933 3216 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

17:21:47.0953 3216 intelide - ok

17:21:48.0045 3216 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

17:21:48.0082 3216 intelppm - ok

17:21:48.0188 3216 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

17:21:48.0257 3216 IpFilterDriver - ok

17:21:48.0348 3216 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

17:21:48.0392 3216 IPMIDRV - ok

17:21:48.0495 3216 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

17:21:48.0569 3216 IPNAT - ok

17:21:48.0669 3216 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

17:21:48.0699 3216 IRENUM - ok

17:21:48.0782 3216 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

17:21:48.0802 3216 isapnp - ok

17:21:48.0856 3216 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

17:21:48.0875 3216 iScsiPrt - ok

17:21:48.0965 3216 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys

17:21:48.0986 3216 kbdclass - ok

17:21:49.0095 3216 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

17:21:49.0141 3216 kbdhid - ok

17:21:49.0256 3216 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

17:21:49.0278 3216 KSecDD - ok

17:21:49.0372 3216 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

17:21:49.0397 3216 KSecPkg - ok

17:21:49.0478 3216 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

17:21:49.0540 3216 ksthunk - ok

17:21:49.0669 3216 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

17:21:49.0762 3216 lltdio - ok

17:21:49.0884 3216 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

17:21:49.0907 3216 LSI_FC - ok

17:21:49.0996 3216 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

17:21:50.0018 3216 LSI_SAS - ok

17:21:50.0103 3216 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

17:21:50.0116 3216 LSI_SAS2 - ok

17:21:50.0209 3216 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

17:21:50.0231 3216 LSI_SCSI - ok

17:21:50.0323 3216 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

17:21:50.0410 3216 luafv - ok

17:21:50.0514 3216 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

17:21:50.0534 3216 megasas - ok

17:21:50.0636 3216 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

17:21:50.0664 3216 MegaSR - ok

17:21:50.0747 3216 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

17:21:50.0816 3216 Modem - ok

17:21:50.0914 3216 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

17:21:50.0947 3216 monitor - ok

17:21:51.0045 3216 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys

17:21:51.0066 3216 mouclass - ok

17:21:51.0168 3216 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

17:21:51.0206 3216 mouhid - ok

17:21:51.0311 3216 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

17:21:51.0333 3216 mountmgr - ok

17:21:51.0431 3216 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

17:21:51.0458 3216 mpio - ok

17:21:51.0539 3216 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

17:21:51.0598 3216 mpsdrv - ok

17:21:51.0691 3216 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

17:21:51.0747 3216 MRxDAV - ok

17:21:51.0847 3216 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

17:21:51.0925 3216 mrxsmb - ok

17:21:52.0029 3216 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

17:21:52.0083 3216 mrxsmb10 - ok

17:21:52.0178 3216 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

17:21:52.0204 3216 mrxsmb20 - ok

17:21:52.0287 3216 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

17:21:52.0307 3216 msahci - ok

17:21:52.0395 3216 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

17:21:52.0419 3216 msdsm - ok

17:21:52.0517 3216 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

17:21:52.0582 3216 Msfs - ok

17:21:52.0705 3216 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

17:21:52.0784 3216 mshidkmdf - ok

17:21:52.0875 3216 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

17:21:52.0887 3216 msisadrv - ok

17:21:52.0991 3216 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

17:21:53.0064 3216 MSKSSRV - ok

17:21:53.0150 3216 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

17:21:53.0220 3216 MSPCLOCK - ok

17:21:53.0311 3216 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

17:21:53.0397 3216 MSPQM - ok

17:21:53.0497 3216 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

17:21:53.0522 3216 MsRPC - ok

17:21:53.0566 3216 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys

17:21:53.0578 3216 mssmbios - ok

17:21:53.0665 3216 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

17:21:53.0744 3216 MSTEE - ok

17:21:53.0822 3216 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

17:21:53.0867 3216 MTConfig - ok

17:21:53.0955 3216 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

17:21:53.0976 3216 Mup - ok

17:21:54.0086 3216 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

17:21:54.0147 3216 NativeWifiP - ok

17:21:54.0272 3216 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

17:21:54.0328 3216 NDIS - ok

17:21:54.0414 3216 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

17:21:54.0481 3216 NdisCap - ok

17:21:54.0554 3216 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

17:21:54.0623 3216 NdisTapi - ok

17:21:54.0728 3216 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

17:21:54.0799 3216 Ndisuio - ok

17:21:54.0897 3216 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

17:21:54.0961 3216 NdisWan - ok

17:21:55.0057 3216 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

17:21:55.0116 3216 NDProxy - ok

17:21:55.0214 3216 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

17:21:55.0285 3216 NetBIOS - ok

17:21:55.0385 3216 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

17:21:55.0464 3216 NetBT - ok

17:21:55.0577 3216 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

17:21:55.0597 3216 nfrd960 - ok

17:21:55.0701 3216 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

17:21:55.0767 3216 Npfs - ok

17:21:55.0859 3216 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

17:21:55.0932 3216 nsiproxy - ok

17:21:56.0046 3216 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

17:21:56.0119 3216 Ntfs - ok

17:21:56.0222 3216 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\windows\system32\drivers\NTIDrvr.sys

17:21:56.0234 3216 NTIDrvr - ok

17:21:56.0257 3216 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

17:21:56.0334 3216 Null - ok

17:21:56.0431 3216 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

17:21:56.0446 3216 nvraid - ok

17:21:56.0470 3216 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

17:21:56.0486 3216 nvstor - ok

17:21:56.0571 3216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

17:21:56.0595 3216 nv_agp - ok

17:21:56.0642 3216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

17:21:56.0685 3216 ohci1394 - ok

17:21:56.0839 3216 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

17:21:56.0865 3216 Parport - ok

17:21:56.0950 3216 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

17:21:56.0971 3216 partmgr - ok

17:21:57.0021 3216 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

17:21:57.0046 3216 pci - ok

17:21:57.0131 3216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

17:21:57.0143 3216 pciide - ok

17:21:57.0177 3216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

17:21:57.0194 3216 pcmcia - ok

17:21:57.0270 3216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

17:21:57.0282 3216 pcw - ok

17:21:57.0308 3216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

17:21:57.0389 3216 PEAUTH - ok

17:21:57.0498 3216 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys

17:21:57.0512 3216 PGEffect - ok

17:21:57.0622 3216 PMCF (60795ae1e34bcf4ff731f55a6cda9a86) C:\windows\system32\drivers\PMCF.sys

17:21:57.0636 3216 PMCF - ok

17:21:57.0752 3216 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

17:21:57.0828 3216 PptpMiniport - ok

17:21:57.0925 3216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

17:21:57.0960 3216 Processor - ok

17:21:58.0074 3216 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

17:21:58.0154 3216 Psched - ok

17:21:58.0283 3216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

17:21:58.0365 3216 ql2300 - ok

17:21:58.0452 3216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

17:21:58.0475 3216 ql40xx - ok

17:21:58.0554 3216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

17:21:58.0605 3216 QWAVEdrv - ok

17:21:58.0693 3216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

17:21:58.0758 3216 RasAcd - ok

17:21:58.0853 3216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

17:21:58.0898 3216 RasAgileVpn - ok

17:21:59.0003 3216 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

17:21:59.0081 3216 Rasl2tp - ok

17:21:59.0186 3216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

17:21:59.0268 3216 RasPppoe - ok

17:21:59.0372 3216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

17:21:59.0447 3216 RasSstp - ok

17:21:59.0547 3216 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

17:21:59.0630 3216 rdbss - ok

17:21:59.0715 3216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

17:21:59.0756 3216 rdpbus - ok

17:21:59.0859 3216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

17:21:59.0921 3216 RDPCDD - ok

17:22:00.0017 3216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

17:22:00.0087 3216 RDPENCDD - ok

17:22:00.0171 3216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

17:22:00.0221 3216 RDPREFMP - ok

17:22:00.0300 3216 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys

17:22:00.0354 3216 RDPWD - ok

17:22:00.0463 3216 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

17:22:00.0488 3216 rdyboost - ok

17:22:00.0586 3216 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\windows\system32\DRIVERS\rimspe64.sys

17:22:00.0646 3216 rimspci - ok

17:22:00.0744 3216 risdpcie (7dda2e5cf452dad24b1be704225c18ee) C:\windows\system32\DRIVERS\risdpe64.sys

17:22:00.0778 3216 risdpcie - ok

17:22:12.0226 3216 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0

17:22:12.0305 3216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

17:22:12.0305 3216 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

17:22:12.0418 3216 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:22:12.0418 3216 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:22:12.0449 3216 Boot (0x1200) (f9a40736a712abd797e516dc2d67c52a) \Device\Harddisk0\DR0\Partition0

17:22:12.0450 3216 \Device\Harddisk0\DR0\Partition0 - ok

17:22:12.0451 3216 ============================================================

17:22:12.0451 3216 Scan finished

17:22:12.0451 3216 ============================================================

17:22:12.0474 5876 Detected object count: 2

17:22:12.0474 5876 Actual detected object count: 2

17:22:52.0642 5876 \Device\Harddisk0\DR0\# - copied to quarantine

17:22:52.0642 5876 \Device\Harddisk0\DR0 - copied to quarantine

17:22:52.0671 5876 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

17:22:52.0673 5876 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

17:22:52.0675 5876 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

17:22:52.0678 5876 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

17:22:52.0681 5876 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

17:22:52.0692 5876 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

17:22:52.0700 5876 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

17:22:52.0711 5876 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

17:22:52.0714 5876 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

17:22:52.0718 5876 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

17:22:52.0748 5876 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

17:22:52.0748 5876 \Device\Harddisk0\DR0 - ok

17:22:52.0750 5876 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

17:22:52.0751 5876 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:22:52.0751 5876 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

17:25:08.0407 3728 Deinitialize success

Thanks again!

OK, delete your copy of TDSSKiller and download a fresh one.

Please run it again and post the new log, MrC

New TDSSKiller:

07:37:16.0499 5820 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

07:37:16.0870 5820 ============================================================

07:37:16.0870 5820 Current date / time: 2012/02/02 07:37:16.0870

07:37:16.0870 5820 SystemInfo:

07:37:16.0870 5820

07:37:16.0871 5820 OS Version: 6.1.7601 ServicePack: 1.0

07:37:16.0871 5820 Product type: Workstation

07:37:16.0871 5820 ComputerName: ATANI-PC

07:37:16.0871 5820 UserName: Atani

07:37:16.0871 5820 Windows directory: C:\windows

07:37:16.0871 5820 System windows directory: C:\windows

07:37:16.0871 5820 Running under WOW64

07:37:16.0871 5820 Processor architecture: Intel x64

07:37:16.0871 5820 Number of processors: 2

07:37:16.0871 5820 Page size: 0x1000

07:37:16.0871 5820 Boot type: Normal boot

07:37:16.0871 5820 ============================================================

07:37:17.0379 5820 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

07:37:17.0389 5820 \Device\Harddisk0\DR0:

07:37:17.0401 5820 MBR used

07:37:17.0401 5820 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2308C000

07:37:17.0435 5820 Initialize success

07:37:17.0435 5820 ============================================================

07:37:24.0837 5312 ============================================================

07:37:24.0837 5312 Scan started

07:37:24.0837 5312 Mode: Manual; SigCheck; TDLFS;

07:37:24.0837 5312 ============================================================


07:37:52.0365 5312 Processor - ok

07:37:52.0486 5312 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

07:37:52.0559 5312 Psched - ok

07:37:52.0702 5312 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

07:37:52.0764 5312 ql2300 - ok

07:37:52.0853 5312 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

07:37:52.0869 5312 ql40xx - ok

07:37:52.0900 5312 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

07:37:52.0944 5312 QWAVEdrv - ok

07:37:53.0027 5312 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

07:37:53.0089 5312 RasAcd - ok

07:37:53.0487 5312 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

07:37:53.0544 5312 RasAgileVpn - ok

07:37:53.0604 5312 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

07:37:53.0664 5312 Rasl2tp - ok

07:37:53.0753 5312 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

07:37:53.0827 5312 RasPppoe - ok

07:37:53.0939 5312 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

07:37:54.0018 5312 RasSstp - ok

07:37:54.0114 5312 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

07:37:54.0200 5312 rdbss - ok

07:37:54.0283 5312 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

07:37:54.0327 5312 rdpbus - ok

07:37:54.0426 5312 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

07:37:54.0487 5312 RDPCDD - ok

07:37:54.0585 5312 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

07:37:54.0656 5312 RDPENCDD - ok

07:37:54.0750 5312 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

07:37:54.0805 5312 RDPREFMP - ok

07:37:54.0856 5312 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys

07:37:54.0900 5312 RDPWD - ok

07:37:54.0997 5312 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

07:37:55.0018 5312 rdyboost - ok

07:37:55.0121 5312 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\windows\system32\DRIVERS\rimspe64.sys

07:37:55.0158 5312 rimspci - ok

07:37:55.0267 5312 risdpcie (7dda2e5cf452dad24b1be704225c18ee) C:\windows\system32\DRIVERS\risdpe64.sys

07:37:55.0288 5312 risdpcie - ok

07:37:55.0371 5312 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\windows\system32\DRIVERS\rixdpe64.sys

07:37:55.0412 5312 rixdpcie - ok

07:37:55.0532 5312 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

07:37:55.0610 5312 rspndr - ok

07:37:55.0714 5312 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\windows\system32\DRIVERS\Rt64win7.sys

07:37:55.0762 5312 RTL8167 - ok

07:37:55.0880 5312 rtl8192se (a8ed9726734d403217a4861a6788b144) C:\windows\system32\DRIVERS\rtl8192se.sys

07:37:55.0920 5312 rtl8192se - ok

07:37:56.0012 5312 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

07:37:56.0032 5312 sbp2port - ok

07:37:56.0078 5312 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

07:37:56.0137 5312 scfilter - ok

07:37:56.0262 5312 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys

07:37:56.0294 5312 sdbus - ok

07:37:56.0379 5312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

07:37:56.0455 5312 secdrv - ok

07:37:56.0539 5312 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

07:37:56.0586 5312 Serenum - ok

07:37:56.0673 5312 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

07:37:56.0700 5312 Serial - ok

07:37:56.0746 5312 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

07:37:56.0787 5312 sermouse - ok

07:37:56.0895 5312 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

07:37:56.0940 5312 sffdisk - ok

07:37:57.0042 5312 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

07:37:57.0094 5312 sffp_mmc - ok

07:37:57.0200 5312 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

07:37:57.0248 5312 sffp_sd - ok

07:37:57.0335 5312 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

07:37:57.0381 5312 sfloppy - ok

07:37:57.0478 5312 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

07:37:57.0500 5312 SiSRaid2 - ok

07:37:57.0524 5312 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

07:37:57.0538 5312 SiSRaid4 - ok

07:37:57.0627 5312 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

07:37:57.0685 5312 Smb - ok

07:37:57.0780 5312 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

07:37:57.0793 5312 spldr - ok

07:37:57.0852 5312 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

07:37:57.0880 5312 srv - ok

07:37:57.0979 5312 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

07:37:58.0029 5312 srv2 - ok

07:37:58.0141 5312 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

07:37:58.0187 5312 srvnet - ok

07:37:58.0284 5312 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

07:37:58.0305 5312 stexstor - ok

07:37:58.0389 5312 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys

07:37:58.0409 5312 swenum - ok

07:37:58.0577 5312 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys

07:37:58.0653 5312 Tcpip - ok

07:37:58.0794 5312 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys

07:37:58.0840 5312 TCPIP6 - ok

07:37:58.0924 5312 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

07:37:59.0000 5312 tcpipreg - ok

07:37:59.0103 5312 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

07:37:59.0118 5312 tdcmdpst - ok

07:37:59.0175 5312 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

07:37:59.0262 5312 TDPIPE - ok

07:37:59.0339 5312 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys

07:37:59.0417 5312 TDTCP - ok

07:37:59.0510 5312 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

07:37:59.0568 5312 tdx - ok

07:37:59.0661 5312 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys

07:37:59.0678 5312 TermDD - ok

07:37:59.0777 5312 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys

07:37:59.0792 5312 Thpdrv - ok

07:37:59.0877 5312 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS

07:37:59.0892 5312 Thpevm - ok

07:38:00.0007 5312 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys

07:38:00.0043 5312 tos_sps64 - ok

07:38:00.0156 5312 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

07:38:00.0209 5312 tssecsrv - ok

07:38:00.0337 5312 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

07:38:00.0369 5312 TsUsbFlt - ok

07:38:00.0478 5312 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

07:38:00.0556 5312 tunnel - ok

07:38:00.0655 5312 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

07:38:00.0670 5312 TVALZ - ok

07:38:00.0703 5312 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys

07:38:00.0719 5312 TVALZFL - ok

07:38:00.0791 5312 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

07:38:00.0815 5312 uagp35 - ok

07:38:00.0912 5312 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\windows\system32\drivers\UBHelper.sys

07:38:00.0923 5312 UBHelper - ok

07:38:01.0009 5312 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

07:38:01.0078 5312 udfs - ok

07:38:01.0180 5312 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

07:38:01.0193 5312 uliagpkx - ok

07:38:01.0294 5312 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys

07:38:01.0356 5312 umbus - ok

07:38:01.0430 5312 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

07:38:01.0480 5312 UmPass - ok

07:38:01.0527 5312 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

07:38:01.0555 5312 usbccgp - ok

07:38:01.0654 5312 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

07:38:01.0702 5312 usbcir - ok

07:38:01.0804 5312 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

07:38:01.0850 5312 usbehci - ok

07:38:01.0961 5312 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

07:38:02.0010 5312 usbhub - ok

07:38:02.0055 5312 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

07:38:02.0085 5312 usbohci - ok

07:38:02.0164 5312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

07:38:02.0204 5312 usbprint - ok

07:38:02.0291 5312 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

07:38:02.0340 5312 usbscan - ok

07:38:02.0441 5312 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

07:38:02.0512 5312 USBSTOR - ok

07:38:02.0598 5312 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys

07:38:02.0640 5312 usbuhci - ok

07:38:02.0752 5312 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys

07:38:02.0786 5312 usbvideo - ok

07:38:02.0879 5312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

07:38:02.0897 5312 vdrvroot - ok

07:38:02.0935 5312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

07:38:02.0953 5312 vga - ok

07:38:03.0023 5312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

07:38:03.0108 5312 VgaSave - ok

07:38:03.0213 5312 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

07:38:03.0240 5312 vhdmp - ok

07:38:03.0421 5312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

07:38:03.0442 5312 viaide - ok

07:38:03.0498 5312 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

07:38:03.0518 5312 volmgr - ok

07:38:03.0587 5312 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

07:38:03.0607 5312 volmgrx - ok

07:38:03.0710 5312 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

07:38:03.0740 5312 volsnap - ok

07:38:03.0823 5312 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

07:38:03.0842 5312 vsmraid - ok

07:38:03.0911 5312 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

07:38:03.0951 5312 vwifibus - ok

07:38:04.0034 5312 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

07:38:04.0081 5312 vwififlt - ok

07:38:04.0170 5312 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys

07:38:04.0202 5312 vwifimp - ok

07:38:04.0281 5312 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

07:38:04.0331 5312 WacomPen - ok

07:38:04.0439 5312 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

07:38:04.0524 5312 WANARP - ok

07:38:04.0551 5312 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

07:38:04.0590 5312 Wanarpv6 - ok

07:38:04.0675 5312 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

07:38:04.0696 5312 Wd - ok

07:38:04.0729 5312 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

07:38:04.0769 5312 Wdf01000 - ok

07:38:04.0865 5312 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

07:38:04.0917 5312 WfpLwf - ok

07:38:04.0957 5312 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

07:38:04.0969 5312 WIMMount - ok

07:38:05.0120 5312 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

07:38:05.0171 5312 WinUsb - ok

07:38:05.0280 5312 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

07:38:05.0327 5312 WmiAcpi - ok

07:38:05.0453 5312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

07:38:05.0496 5312 ws2ifsl - ok

07:38:05.0585 5312 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys

07:38:05.0638 5312 WSDPrintDevice - ok

07:38:05.0737 5312 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

07:38:05.0812 5312 WudfPf - ok

07:38:05.0927 5312 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

07:38:06.0014 5312 WUDFRd - ok

07:38:06.0438 5312 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

07:38:06.0562 5312 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

07:38:06.0562 5312 \Device\Harddisk0\DR0 - detected TDSS File System (1)

07:38:06.0594 5312 Boot (0x1200) (f9a40736a712abd797e516dc2d67c52a) \Device\Harddisk0\DR0\Partition0

07:38:06.0595 5312 \Device\Harddisk0\DR0\Partition0 - ok

07:38:06.0596 5312 ============================================================

07:38:06.0596 5312 Scan finished

07:38:06.0596 5312 ============================================================

07:38:06.0616 5616 Detected object count: 1

07:38:06.0616 5616 Actual detected object count: 1

07:38:26.0410 5616 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

07:38:26.0410 5616 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Looks better, rootkit is gone.

------------------

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


I wound up deleting my Avira antivirus because I couldn't get ComboFix to recognize that I had turned it off... Let me know when you want it reinstalled.

After running ComboFix I cannot access the internet unless I right-click on the browser and select "Run as administrator". That is a new issue I haven't dealt with before.

The combofix log:

ComboFix 12-02-02.02 - Atani 02/02/2012 14:49:01.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4059.2833 [GMT -6:00]

Running from: c:\users\Atani\Desktop\ComboFix.exe

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Atani\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DA3DD08B-169B-4F4F-A92D-F76788CA5915}.xps

c:\users\Atani\AppData\Roaming\262A.92C

c:\users\Atani\Documents\~WRL0005.tmp

c:\users\Atani\Documents\~WRL1732.tmp

c:\users\Atani\Documents\~WRL1955.tmp

c:\users\Atani\Documents\~WRL4080.tmp

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))

.

.

2012-02-02 20:57 . 2012-02-02 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-01 23:22 . 2012-02-01 23:22 -------- d-----w- C:\TDSSKiller_Quarantine

2012-01-29 12:12 . 2012-01-29 12:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-01-25 02:16 . 2012-01-25 02:16 -------- d-----w- c:\windows\Sun

2012-01-13 09:08 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-13 09:08 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-13 09:08 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-13 09:08 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-13 09:01 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-13 09:01 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-13 09:00 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-13 09:00 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-07 11:52 . 2012-01-07 11:52 -------- d-----w- c:\users\Atani\AppData\Local\Scansoft

2012-01-07 06:11 . 2012-01-07 06:11 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-01-06 00:55 . 2012-01-06 00:55 -------- d-----w- c:\programdata\InstallShield

2012-01-06 00:55 . 2012-01-06 00:55 -------- d-----w- c:\users\Atani\AppData\Roaming\Nuance

2012-01-06 00:34 . 2012-01-06 00:34 -------- d-----w- c:\programdata\ScanSoft

2012-01-06 00:34 . 2012-01-06 00:34 -------- d-----w- c:\program files (x86)\Common Files\ScanSoft Shared

2012-01-06 00:34 . 2012-01-06 00:34 -------- d-----w- c:\program files (x86)\Common Files\Nuance

2012-01-06 00:31 . 2012-01-06 00:31 -------- d-----w- c:\programdata\Nuance

2012-01-06 00:31 . 2012-01-06 00:31 -------- d-----w- c:\program files (x86)\Nuance

2012-01-04 16:25 . 2012-01-04 16:25 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-04 16:25 . 2012-01-04 16:25 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-04 16:25 . 2012-01-04 16:25 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-04 16:25 . 2012-01-04 16:25 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2012-01-03 23:59 . 2012-01-03 23:59 -------- d-----w- c:\program files (x86)\MHTML Converter

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 21:24 . 2010-09-30 23:27 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-24 04:52 . 2011-12-14 01:03 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 11:40 . 2011-12-06 08:05 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FC3EDAD-3A38-48D8-9103-109006E5315E}\mpengine.dll

2011-11-05 05:41 . 2011-12-14 01:04 1188864 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 05:32 . 2011-12-14 01:03 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:35 . 2011-12-14 01:04 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 04:26 . 2011-12-14 01:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-05 03:32 . 2011-12-14 01:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 02:48 . 2011-12-14 01:04 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-07-22 26766648]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]

"BackupNowEZtray"="c:\program files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2010-02-22 577792]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R1 ekqrsbuy;ekqrsbuy;c:\windows\system32\drivers\ekqrsbuy.sys [x]

R2 0168891292591375mcinstcleanup;McAfee Application Installer Cleanup (0168891292591375);c:\users\Atani\AppData\Local\Temp\016889~1.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 135664]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 137560]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 PMCF;PMCF;c:\windows\system32\drivers\PMCF.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]

S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2010-02-22 45312]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]

S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]

S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-07-07 65904]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]

2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 18:15]

.

2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 18:15]

.

2012-02-02 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job

- c:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 01:45]

.

2012-02-02 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job

- c:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 01:45]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-22 312832]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 709976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Atani\AppData\Roaming\Mozilla\Firefox\Profiles\sdps91d4.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.mail.yahoo.com/

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

SafeBoot-MCODS

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

AddRemove-YInstHelper - c:\windows\system32\regsvr32

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-511026275-2681559148-2892065646-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-511026275-2681559148-2892065646-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-511026275-2681559148-2892065646-1001\Software\SecuROM\License information*]

"datasecu"=hex:ac,4f,d6,90,5c,73,5d,7e,27,ad,ac,f2,29,0a,69,80,30,a9,72,60,a2,

0f,8a,e0,a2,ce,b3,db,72,70,f0,69,8c,93,cd,18,dc,a3,03,88,2c,be,c0,7c,d7,e5,\

"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

.

**************************************************************************

.

Completion time: 2012-02-02 15:04:54 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-02 21:04

.

Pre-Run: 237,443,932,160 bytes free

Post-Run: 237,501,014,016 bytes free

.

- - End Of File - - 6D6FF405B00C0D191149FDCA6E22035E


OK, please delete your copy of ComboFix and download a fresh copy.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

Driver::

ekqrsbuy

File::

c:\windows\system32\drivers\ekqrsbuy.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

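An added example, not part of MrC's instructions and not anything ComboFix does: a PowerShell triage script that lists the kernel-mode driver services registered under the Services key and flags entries like the `ekqrsbuy` service and `ekqrsbuy.sys` file the CFScript above removes (a pseudo-random name, a binary that is missing or carries no embedded signature). The `Resolve-DriverPath` and `Get-DriverServiceReport` functions and the 8-lowercase-letter name heuristic are mine and are assumptions. Run it from an elevated prompt; the syntax is kept to PowerShell 2.0 so it works on the Windows 7 machine in this thread.

```powershell
# Added example (not part of the thread or ComboFix). Lists kernel-mode driver services
# from the registry and flags entries like the 'ekqrsbuy' service removed above.
# Run from an elevated PowerShell prompt; written for PowerShell 2.0 (Windows 7).

function Resolve-DriverPath {
    # Turn the ImagePath forms seen in the Services key into a plain file path.
    param([string]$ImagePath)
    if (-not $ImagePath) { return $null }
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                             # \??\C:\x.sys   -> C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')  # \SystemRoot\.. -> C:\Windows\..
    if ($p -notmatch '^[A-Za-z]:\\') {                           # system32\drivers\x.sys (relative)
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-DriverServiceReport {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root) {
        # Some keys are ACL-locked (the log above shows several); skip what we cannot read.
        $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $p) { continue }
        # Type 1 = kernel driver, 2 = file system driver; everything else is a user-mode service.
        if ($p.Type -ne 1 -and $p.Type -ne 2) { continue }

        $name   = $key.PSChildName
        $path   = Resolve-DriverPath $p.ImagePath
        $onDisk = [bool]($path -and (Test-Path -LiteralPath $path))
        $sig    = 'n/a'
        if ($onDisk) {
            # Embedded Authenticode only: catalog-signed drivers also report NotSigned here.
            $sig = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
        }

        # Assumed heuristic modelled on the case above: a pseudo-random 8-letter lowercase name
        # with no DisplayName, or a boot/system/auto-start driver whose binary is gone or unsigned.
        $randomName = $name -cmatch '^[a-z]{8}$'
        $autoLoad   = ($p.Start -ne $null) -and ($p.Start -le 2)
        $suspicious = ($randomName -and -not $p.DisplayName) -or
                      ($autoLoad -and (-not $onDisk -or $sig -eq 'NotSigned'))

        New-Object PSObject -Property @{
            Service    = $name
            Start      = $p.Start        # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
            ImagePath  = $path
            OnDisk     = $onDisk
            Signature  = $sig
            Suspicious = [bool]$suspicious
        }
    }
}

Get-DriverServiceReport | Where-Object { $_.Suspicious } |
    Sort-Object Start, Service |
    Format-Table Service, Start, OnDisk, Signature, ImagePath -AutoSize
```

Treat the output as a lead, not a verdict. Get-AuthenticodeSignature only checks embedded signatures, so catalog-signed OEM drivers (the Toshiba, Ricoh and Realtek entries in the log above) will also show NotSigned; confirm with Sysinternals sigcheck (which checks catalogs) or `signtool verify /a` before acting, and remove a confirmed rogue driver through a controlled tool such as the CFScript above rather than deleting the .sys by hand, so the service entry and the file go together.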

Okay, I did get them on my desktop but when I try to drag CFScript to combofix I get the following error message:

C:\Users\Atani\Desktop\ComboFix.exe

Illegal operation attempted on a registry key that has been marked for deletion.

Do you still want me to run ComboFix again?


Hard reboot the computer a couple of times should fix that, MrC


Here is the new ComboFix log. For some reason it still thinks I have Avira activated, but I deleted it. The scan took about 40 minutes, and I am still getting error messages that programs are trying to run on a registry key that has been marked for deletion.

ComboFix 12-02-02.02 - Atani 02/02/2012 20:09:51.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4059.2924 [GMT -6:00]

Running from: c:\users\Atani\Desktop\ComboFix.exe

Command switches used :: c:\users\Atani\Desktop\CFScript.txt

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\drivers\ekqrsbuy.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Atani\AppData\Local\{A6321F3C-DE33-44E0-A567-5128B676CCBA}

c:\users\Atani\AppData\Local\{A6321F3C-DE33-44E0-A567-5128B676CCBA}\chrome\content\overlay.xul

c:\users\Atani\AppData\Local\{A6321F3C-DE33-44E0-A567-5128B676CCBA}\install.rdf

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_ekqrsbuy

.

.

((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))

.

.

2012-02-01 23:22 . 2012-02-01 23:22 -------- d-----w- C:\TDSSKiller_Quarantine

2012-01-29 12:12 . 2012-01-29 12:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-01-25 02:16 . 2012-01-25 02:16 -------- d-----w- c:\windows\Sun

2012-01-13 09:08 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-13 09:08 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-13 09:08 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-13 09:08 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-13 09:01 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-13 09:01 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-13 09:00 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-13 09:00 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-07 11:52 . 2012-01-07 11:52 -------- d-----w- c:\users\Atani\AppData\Local\Scansoft

2012-01-07 06:11 . 2012-01-07 06:11 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-01-06 00:55 . 2012-01-06 00:55 -------- d-----w- c:\programdata\InstallShield

2012-01-06 00:55 . 2012-01-06 00:55 -------- d-----w- c:\users\Atani\AppData\Roaming\Nuance

2012-01-06 00:34 . 2012-01-06 00:34 -------- d-----w- c:\programdata\ScanSoft

2012-01-06 00:34 . 2012-01-06 00:34 -------- d-----w- c:\program files (x86)\Common Files\ScanSoft Shared

2012-01-06 00:34 . 2012-01-06 00:34 -------- d-----w- c:\program files (x86)\Common Files\Nuance

2012-01-06 00:31 . 2012-01-06 00:31 -------- d-----w- c:\programdata\Nuance

2012-01-06 00:31 . 2012-01-06 00:31 -------- d-----w- c:\program files (x86)\Nuance

2012-01-04 16:25 . 2012-02-02 21:12 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2012-01-04 16:25 . 2012-01-04 16:25 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-04 16:25 . 2012-01-04 16:25 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-04 16:25 . 2012-01-04 16:25 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 21:24 . 2010-09-30 23:27 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-24 04:52 . 2011-12-14 01:03 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 11:40 . 2011-12-06 08:05 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FC3EDAD-3A38-48D8-9103-109006E5315E}\mpengine.dll

2011-11-05 05:41 . 2011-12-14 01:04 1188864 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 05:32 . 2011-12-14 01:03 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:35 . 2011-12-14 01:04 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 04:26 . 2011-12-14 01:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-05 03:32 . 2011-12-14 01:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 02:48 . 2011-12-14 01:04 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-02_20.58.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-05 06:55 . 2012-02-03 02:06 48164 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-02-03 02:47 50454 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-30 23:13 . 2012-02-03 02:47 11808 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-511026275-2681559148-2892065646-1001_UserData.bin

- 2010-09-30 23:13 . 2012-02-02 20:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-30 23:13 . 2012-02-03 02:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-30 23:13 . 2012-02-03 02:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-30 23:13 . 2012-02-02 20:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-30 23:13 . 2012-02-02 20:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-30 23:13 . 2012-02-03 02:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-30 18:12 . 2012-02-03 02:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-30 18:12 . 2012-02-02 20:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-30 18:12 . 2012-02-03 02:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-30 18:12 . 2012-02-02 20:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-10-04 01:19 . 2012-02-03 02:02 6164 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2012-02-03 02:43 . 2012-02-03 02:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-02 20:58 . 2012-02-02 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-03 02:43 . 2012-02-03 02:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-02-02 20:58 . 2012-02-02 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 04:54 . 2012-02-02 20:58 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-02-03 02:43 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-10-01 11:59 . 2012-02-03 02:00 291066 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-02-02 20:44 624352 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-02-02 21:03 624352 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-02-02 21:03 106696 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-02-02 20:44 106696 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-02-02 20:57 372804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-02-03 02:42 372804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-02-03 02:02 . 2012-02-03 02:02 373572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-511026275-2681559148-2892065646-1001-12288.dat

+ 2009-07-14 04:54 . 2012-02-03 02:43 4210688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-02 20:58 4210688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-02 20:58 1196032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-03 02:43 1196032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-07-22 26766648]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]

"BackupNowEZtray"="c:\program files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2010-02-22 577792]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 0168891292591375mcinstcleanup;McAfee Application Installer Cleanup (0168891292591375);c:\users\Atani\AppData\Local\Temp\016889~1.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 135664]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 137560]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 PMCF;PMCF;c:\windows\system32\drivers\PMCF.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]

S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2010-02-22 45312]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]

S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]

S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-07-07 65904]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]

2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 18:15]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 18:15]

.

2012-02-02 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job

- c:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 01:45]

.

2012-02-03 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job

- c:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 01:45]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-22 312832]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]

"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]

"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]

"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]

"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 709976]

"combofix"="c:\combofix\CF21188.3XE" [2010-11-20 345088]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Atani\AppData\Roaming\Mozilla\Firefox\Profiles\sdps91d4.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.mail.yahoo.com/

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-511026275-2681559148-2892065646-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-511026275-2681559148-2892065646-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-511026275-2681559148-2892065646-1001\Software\SecuROM\License information*]

"datasecu"=hex:ac,4f,d6,90,5c,73,5d,7e,27,ad,ac,f2,29,0a,69,80,30,a9,72,60,a2,

0f,8a,e0,a2,ce,b3,db,72,70,f0,69,8c,93,cd,18,dc,a3,03,88,2c,be,c0,7c,d7,e5,\

"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

.

**************************************************************************

.

Completion time: 2012-02-02 20:51:02 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-03 02:51

ComboFix2.txt 2012-02-02 21:04

.

Pre-Run: 237,504,544,768 bytes free

Post-Run: 237,060,849,664 bytes free

.

- - End Of File - - 707C21A6770CE8210D132F5443BD9B90


Did you shut down the computer (turn it off), then power it back up? Doing this a couple of times should fix that problem.

The rest of it looks OK.

MrC


It took two more reboots, but I've stopped getting the registry error message.

What do we do now?

Thanks again for all of your help, I do truly appreciate it!


OK.....Good.

Please Update and run a Quick Scan with MBAM, post the report.

Please let me know how it is, MrC


Malwarebytes log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.03.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Atani :: ATANI-PC [administrator]

2/3/2012 7:14:38 PM

mbam-log-2012-02-03 (19-14-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 191566

Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


That's Good News!

Yes reinstall your AV.

----------------------------------

also........

Older versions of Java and Adobe Reader are vulnerable to malware.

Go to your control panels add/remove programs and uninstall these:

Java™ 6 Update 14

Adobe Reader 9.1

---------------------------------

Download and install the latest version of Java: Java™ 6 Update 30

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

-------------------------------

Install the latest version of Adobe Reader:

http://get.adobe.com/reader/

You can untick this:

Free! McAfee Security Scan Plus

-------------------------------------

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

----------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

--------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

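An added example, not part of MrC's post: a PowerShell check that reads the same data Add/Remove Programs shows (the Uninstall keys, including the Wow6432Node view that holds 32-bit software on this x64 install) and flags Java and Adobe Reader builds below a minimum version. The minimum versions are assumptions chosen to match what the reply above calls current (Java 6 Update 30 registers as DisplayVersion 6.0.300; Adobe Reader 9.5 is assumed as the 9.x release of that time) and must be raised before reuse; the `Get-OutdatedSoftware` function and the `$minimumVersions` table are mine.

```powershell
# Added example (not part of the thread). Reads the Add/Remove Programs entries from the
# registry and flags Java and Adobe Reader installs below an ASSUMED minimum version.
# Written for PowerShell 2.0 (Windows 7); reading these keys needs no elevation.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'   # 32-bit apps on x64
)

# DisplayName pattern -> minimum acceptable DisplayVersion. Assumed values matching the
# versions named in the reply above (Java 6 Update 30 = 6.0.300, Adobe Reader 9.5); raise them.
$minimumVersions = @{
    '^Java(\(TM\))? \d+ Update \d+' = [version]'6.0.300'
    '^Adobe Reader'                 = [version]'9.5.0'
}

function Get-OutdatedSoftware {
    param([hashtable]$Minimums = $minimumVersions)
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if (-not $p -or -not $p.DisplayName) { continue }
            foreach ($pattern in $Minimums.Keys) {
                if ($p.DisplayName -notmatch $pattern) { continue }
                # Compare as [version] so 6.0.140 sorts below 6.0.300 (a string compare would not).
                $installed = $null
                try { $installed = [version]$p.DisplayVersion } catch { }   # unparsable -> outdated
                New-Object PSObject -Property @{
                    Name      = $p.DisplayName
                    Version   = $p.DisplayVersion
                    Minimum   = $Minimums[$pattern].ToString()
                    Outdated  = ($installed -eq $null) -or ($installed -lt $Minimums[$pattern])
                    Uninstall = $p.UninstallString   # the command Add/Remove Programs runs
                }
            }
        }
    }
}

Get-OutdatedSoftware | Sort-Object Name |
    Format-Table Name, Version, Minimum, Outdated, Uninstall -AutoSize -Wrap
```

Old Java builds leave one Uninstall entry per update, so expect several rows; each row's UninstallString is what Add/Remove Programs runs for that entry, and every outdated one needs removing, since an attacker can target whichever old runtime is still registered.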

Thanks again!

One question though, I can't seem to get windows firewall going again. Should I be concerned?

This topic is now closed to further replies.
