TechSpot

Winrscmde and svchost.exe issues

Inactive
By RLong31
Feb 7, 2013
  1. Having virus issues causing windows to pop up saying a program has closed. Ran several anti-virus/anti-malware programs in regular and safe mode and nothing worked, so that's why I'm here.

    Read through and followed the 4 step preliminary stuff.

    Malwarebytes log

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.06.03

    Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.19393
    toni12 :: TONI12-PC [administrator]

    Protection: Disabled

    2/5/2013 10:34:58 PM
    mbam-log-2013-02-05 (22-34-58).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 459156
    Time elapsed: 1 hour(s), 20 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\0101120101464857.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\Windows\prxid93ps.dat (Malware.Trace) -> Quarantined and deleted successfully.

    (end)

    DDS.txt
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.6001.19393
    Run by toni12 at 18:50:45 on 2013-02-06
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4058.1158 [GMT 9:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\ehome\ehsched.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\wermgr.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\notepad.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    \\.\globalroot\systemroot\svchost.exe
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.msn.com
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{F3EA6DC2-787A-450A-9B7D-07DBEC5A3BEA} : DHCPNameServer = 192.168.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
    x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableLUA = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SMR311;Symantec SMR Utility Service 3.1.1;C:\Windows\System32\drivers\SMR311.SYS [2013-2-8 95392]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1309010.00E\symds64.sys [2013-2-6 451192]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1309010.00E\symefa64.sys [2013-2-6 1129120]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-3-26 35392]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2007-9-5 14872]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-7-24 504912]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-16 1388120]
    R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1309010.00E\ccsetx64.sys [2013-2-6 167072]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\IPSDefs\20130206.001\IDSviA64.sys [2013-2-6 513184]
    R1 PMCF;PMCF;C:\Windows\System32\drivers\PMCF.sys [2009-5-12 16392]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\System32\drivers\RtlProt.sys [2009-7-24 31016]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1309010.00E\ironx64.sys [2013-2-6 190072]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NAVx64\1309010.00E\symtdiv.sys [2013-2-6 445560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-7 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-2-7 44808]
    R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-7-24 20544]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-6 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-6 682344]
    R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe [2013-2-6 138272]
    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2009-7-24 57344]
    R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2009-7-24 55296]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-26 138912]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-6 24176]
    R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2009-7-24 32832]
    R3 rtl819xpn64;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\System32\drivers\rtl819xp.sys [2010-1-30 580128]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
    S2 gupdate1ca4498f1f41f10;Google Update Service (gupdate1ca4498f1f41f10);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-4 133104]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-14 160944]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-15 183560]
    S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-2 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-9 1492840]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-19 1020768]
    S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-15 759048]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
    S4 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-3-7 36864]
    S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-11 46448]
    S4 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-10 555392]
    S4 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-20 55808]
    S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-25 242176]
    S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-18 84480]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-02-07 19:40:58  74248  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-07 19:40:58  697864  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-02-07 18:19:45  95392  ----a-w-  C:\Windows\System32\drivers\SMR311.SYS
    2013-02-06 02:44:58  67599240  ----a-w-  C:\Windows\System32\mrt.exe
    2013-01-17 09:28:58  273840  ------w-  C:\Windows\System32\MpSigStub.exe
    2013-01-04 01:01:26  9330176  ----a-w-  C:\Windows\System32\mshtml.dll
    2013-01-04 00:54:36  6009856  ----a-w-  C:\Windows\SysWow64\mshtml.dll
    2013-01-03 18:53:53  1638912  ----a-w-  C:\Windows\System32\mshtml.tlb
    2013-01-03 18:34:26  1638912  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2012-12-16 13:31:20  48128  ----a-w-  C:\Windows\System32\atmlib.dll
    2012-12-16 13:12:54  34304  ----a-w-  C:\Windows\SysWow64\atmlib.dll
    2012-12-16 11:08:21  368128  ----a-w-  C:\Windows\System32\atmfd.dll
    2012-12-16 10:50:29  293376  ----a-w-  C:\Windows\SysWow64\atmfd.dll
    2012-12-15 00:49:28  24176  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-11-23 01:54:35  2770432  ----a-w-  C:\Windows\System32\win32k.sys
    2012-11-22 04:22:38  456192  ----a-w-  C:\Windows\System32\shlwapi.dll
    2012-11-22 03:54:36  353280  ----a-w-  C:\Windows\SysWow64\shlwapi.dll
    2012-11-20 04:22:50  204288  ----a-w-  C:\Windows\SysWow64\ncrypt.dll
    2012-11-20 04:21:04  253952  ----a-w-  C:\Windows\System32\ncrypt.dll
    2012-11-13 01:45:48  2048  ----a-w-  C:\Windows\System32\tzres.dll
    2012-11-13 01:29:51  2048  ----a-w-  C:\Windows\SysWow64\tzres.dll
    2012-11-09 12:35:23  1147392  ----a-w-  C:\Windows\System32\wininet.dll
    2012-11-09 12:35:05  1488384  ----a-w-  C:\Windows\System32\urlmon.dll
    2012-11-09 12:35:05  108032  ----a-w-  C:\Windows\System32\url.dll
    2012-11-09 12:33:23  243712  ----a-w-  C:\Windows\System32\occache.dll
    2012-11-09 12:31:32  1062912  ----a-w-  C:\Windows\System32\mstime.dll
    2012-11-09 12:31:01  98304  ----a-w-  C:\Windows\System32\mshtmled.dll
    2012-11-09 12:30:52  743424  ----a-w-  C:\Windows\System32\msfeeds.dll
    2012-11-09 12:30:52  71680  ----a-w-  C:\Windows\System32\msfeedsbs.dll
    2012-11-09 12:30:09  56832  ----a-w-  C:\Windows\System32\licmgr10.dll
    2012-11-09 12:29:50  31744  ----a-w-  C:\Windows\System32\jsproxy.dll
    2012-11-09 12:29:40  1538560  ----a-w-  C:\Windows\System32\inetcpl.cpl
    2012-11-09 12:29:23  219136  ----a-w-  C:\Windows\System32\ieui.dll
    2012-11-09 12:29:23  132096  ----a-w-  C:\Windows\System32\iesysprep.dll
    2012-11-09 12:29:22  77312  ----a-w-  C:\Windows\System32\iesetup.dll
    2012-11-09 12:29:22  2350592  ----a-w-  C:\Windows\System32\iertutil.dll
    2012-11-09 12:29:21  72192  ----a-w-  C:\Windows\System32\iernonce.dll
    2012-11-09 12:29:21  252416  ----a-w-  C:\Windows\System32\iepeers.dll
    2012-11-09 12:29:21  12509696  ----a-w-  C:\Windows\System32\ieframe.dll
    2012-11-09 12:29:15  459776  ----a-w-  C:\Windows\System32\iedkcs32.dll
    2012-11-09 10:55:37  479232  ----a-w-  C:\Windows\System32\html.iec
    2012-11-09 10:42:46  916992  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2012-11-09 10:42:27  1212416  ----a-w-  C:\Windows\SysWow64\urlmon.dll
    2012-11-09 10:42:26  105984  ----a-w-  C:\Windows\SysWow64\url.dll
    2012-11-09 10:40:28  206848  ----a-w-  C:\Windows\SysWow64\occache.dll
    2012-11-09 10:38:29  611840  ----a-w-  C:\Windows\SysWow64\mstime.dll
    2012-11-09 10:37:57  67072  ----a-w-  C:\Windows\SysWow64\mshtmled.dll
    2012-11-09 10:37:52  630272  ----a-w-  C:\Windows\SysWow64\msfeeds.dll
    2012-11-09 10:37:52  55296  ----a-w-  C:\Windows\SysWow64\msfeedsbs.dll
    2012-11-09 10:37:14  43520  ----a-w-  C:\Windows\SysWow64\licmgr10.dll
    2012-11-09 10:36:54  25600  ----a-w-  C:\Windows\SysWow64\jsproxy.dll
    2012-11-09 10:36:43  1469440  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
    2012-11-09 10:36:28  71680  ----a-w-  C:\Windows\SysWow64\iesetup.dll
    2012-11-09 10:36:28  2000384  ----a-w-  C:\Windows\SysWow64\iertutil.dll
    2012-11-09 10:36:28  164352  ----a-w-  C:\Windows\SysWow64\ieui.dll
    2012-11-09 10:36:28  109056  ----a-w-  C:\Windows\SysWow64\iesysprep.dll
    2012-11-09 10:36:27  55808  ----a-w-  C:\Windows\SysWow64\iernonce.dll
    2012-11-09 10:36:27  184320  ----a-w-  C:\Windows\SysWow64\iepeers.dll
    2012-11-09 10:36:27  11111424  ----a-w-  C:\Windows\SysWow64\ieframe.dll
    2012-11-09 10:36:22  387584  ----a-w-  C:\Windows\SysWow64\iedkcs32.dll
    2012-11-09 09:09:03  162816  ----a-w-  C:\Windows\System32\ieUnatt.exe
    2012-11-09 09:08:51  70656  ----a-w-  C:\Windows\System32\ie4uinit.exe
    2012-11-09 09:08:13  12288  ----a-w-  C:\Windows\System32\msfeedssync.exe
    2012-11-09 09:01:43  385024  ----a-w-  C:\Windows\SysWow64\html.iec
    2012-11-09 07:13:56  133632  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
    2012-11-09 07:13:43  174080  ----a-w-  C:\Windows\SysWow64\ie4uinit.exe
    2012-11-09 07:12:06  13312  ----a-w-  C:\Windows\SysWow64\msfeedssync.exe
    .
    ============= FINISH: 18:55:04.15 ===============

    attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/24/2009 12:49:21 PM
    System Uptime: 2/6/2013 1:36:21 PM (5 hours ago)
    .
    Motherboard: TOSHIBA | | To be filled by O.E.M.
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU 1 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 202.471 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ABBYY FineReader 9.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.1
    ALPS Touch Pad Driver
    avast! Free Antivirus
    Bing Bar
    Bing Rewards Client Installer
    CyberLink PowerCinema for TOSHIBA
    D3DX10
    Direct DiscRecorder
    Dolby Control Center
    Dropbox
    DVD MovieFactory for TOSHIBA
    Epson Connect
    Epson CreativeZone
    Epson Customer Participation
    Epson Download Navigator
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Scan
    EPSON WorkForce 840 Series Printer Uninstall
    EPSON WorkForce 845 Series Printer Uninstall
    EpsonNet Print
    EpsonNet Setup 3.3
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.1.0.366
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Java(TM) 6 Update 11
    Junk Mail filter update
    LightScribe 1.4.124.1
    LTCM Client
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton AntiVirus
    Octoshape add-in for Adobe Flash Player
    Picasa 2
    PlayReady PC runtime
    QuickBooks Financial Center
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek WiFi Protected Setup Library
    Realtek WLAN Driver
    RICOH R5U230 Media Driver ver.2.02.02.01
    Rosetta Stone Version 3
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Segoe UI
    Skype Launcher
    Skype Toolbars
    Skype™ 5.10
    Spelling Dictionaries Support For Adobe Reader 9
    TOSHIBA Agreement Notification Utility
    Toshiba Application Installer
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD Protection
    TOSHIBA HDD/SSD Alert
    TOSHIBA Internal Modem Region Select Utility
    Toshiba Quality Application
    TOSHIBA Recovery Disc Creator
    Toshiba Registration
    Toshiba Resources Page
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA USB Sleep and Charge Utility
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== End Of File ===========================
     
  2. Jay Pfoutz (Malware Helper)

    Hi there!

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

    Sometimes these logs can be very large; in that case, please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


    RogueKiller Scan

    • Download RogueKiller from the following link and save it on your desktop:
      TechSpot
      Official Site (alternative)
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    • The report has been created on the desktop.
    • Next, click on ShortcutsFix.
    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
     
  3. RLong31 (TS Rookie, Topic Starter)

    TDSS Killer Logs... there were 2. Working on Rogue Killer now.
     

    Attached Files:

  4. RLong31 (TS Rookie, Topic Starter)

    Rogue Killer Logs (3 of them):

    1st Log

    RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : toni12 [Admin rights]
    Mode : Scan -- Date : 02/07/2013 08:39:44
    | ARK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: FUJITSU MJA2320BH G2 +++++
    --- User ---
    [MBR] 733d262d26af980391eb6ed4e338425e
    [BSP] c881619778d6806114b6df1da53d60de : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293219 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603586560 | Size: 10525 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_02072013_02d0839.txt >>
    RKreport[1]_S_02072013_02d0839.txt


    2nd Log:

    RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : toni12 [Admin rights]
    Mode : Remove -- Date : 02/07/2013 08:42:34
    | ARK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: FUJITSU MJA2320BH G2 +++++
    --- User ---
    [MBR] 733d262d26af980391eb6ed4e338425e
    [BSP] c881619778d6806114b6df1da53d60de : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293219 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603586560 | Size: 10525 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_02072013_02d0842.txt >>
    RKreport[1]_S_02072013_02d0839.txt ; RKreport[2]_D_02072013_02d0842.txt


    3rd Log:


    RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : toni12 [Admin rights]
    Mode : Shortcuts HJfix -- Date : 02/07/2013 08:48:33
    | ARK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 1 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 9 / Fail 0
    Start menu: Success 1 / Fail 0
    User folder: Success 207 / Fail 0
    My documents: Success 1 / Fail 1
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 83 / Fail 56
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped

    Finished : << RKreport[3]_SC_02072013_02d0848.txt >>
    RKreport[1]_S_02072013_02d0839.txt ; RKreport[2]_D_02072013_02d0842.txt ; RKreport[3]_SC_02072013_02d0848.txt
     
  5. Jay Pfoutz (Malware Helper)

    Now, please run TDSSKiller again, and delete the TDSS File System.

    After that, this:

    Malwarebytes' Anti-Rootkit

    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.


    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete, JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
     
  6. RLong31 (TS Rookie, Topic Starter)

    TDSS Log... doing Malwarebytes Anti-Rootkit next.
     

    Attached Files:

  7. RLong31 (TS Rookie, Topic Starter)

    Malwarebytes Anti-Rootkit log:

    Malwarebytes Anti-Rootkit BETA 1.01.0.1017
    www.malwarebytes.org

    Database version: v2013.02.08.04

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 8.0.6001.19393
    toni12 :: TONI12-PC [administrator]

    2/7/2013 8:52:53 PM
    mbar-log-2013-02-07 (20-52-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 30249
    Time elapsed: 21 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    c:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)


    System Log:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1017

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6002 Windows Vista Service Pack 2 x64

    Account is Administrative

    Internet Explorer version: 8.0.6001.19393

    Java version: 1.6.0_11

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 4255367168, free: 2597261312

    ------------ Kernel report ------------
    02/07/2013 20:30:35
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80069f6060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa800540c050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.02.08.04
    Downloaded database version: v2013.01.23.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80069f6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80069f5700, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80069f6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa8006842250, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
    DevicePointer: 0xfffffa800540c050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xfffff88017394a20, 0xfffffa80069f6060, 0xfffffa800451f590
    Lower DeviceData: 0xfffff880151479b0, 0xfffffa800540c050, 0xfffffa8008f2ce40
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 14054DEA

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 600512512
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 603586560 Numsec = 21555200
    Partition is not bootable
    Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Performing system, memory and registry scan...
    Infected: c:\Windows\svchost.exe --> [Trojan.Agent]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1017

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6002 Windows Vista Service Pack 2 x64

    Account is Administrative

    Internet Explorer version: 8.0.6001.19393

    Java version: 1.6.0_11

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 4255367168, free: 2749169664

    Removal queue found; removal started
    Removing c:\Windows\svchost.exe...
    Removal finished
    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1017

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6002 Windows Vista Service Pack 2 x64

    Account is Administrative

    Internet Explorer version: 8.0.6001.19393

    Java version: 1.6.0_11

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 4255367168, free: 2891612160

    ------------ Kernel report ------------
    02/07/2013 20:58:07
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006bd5060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa800540c050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006bd5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006bd4700, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006bd5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa8006a212c0, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
    DevicePointer: 0xfffffa800540c050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xfffff8800e5851f0, 0xfffffa8006bd5060, 0xfffffa800490a790
    Lower DeviceData: 0xfffff8800d3572a0, 0xfffffa800540c050, 0xfffffa800490fd10
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 14054DEA

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 600512512
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 603586560 Numsec = 21555200
    Partition is not bootable
    Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1017

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6002 Windows Vista Service Pack 2 x64

    Account is Administrative

    Internet Explorer version: 8.0.6001.19393

    Java version: 1.6.0_11

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 4255367168, free: 2620379136

    =======================================
  8. RLong31

    RLong31 TS Rookie Topic Starter Posts: 20

    # AdwCleaner v2.111 - Logfile created 02/07/2013 at 21:40:17
    # Updated 05/02/2013 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : toni12 - TONI12-PC
    # Boot Mode : Normal
    # Running from : C:\Users\toni12\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Found : HKLM\SOFTWARE\Software

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.19393

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\toni12\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [928 octets] - [07/02/2013 21:40:17]

    ########## EOF - C:\AdwCleaner[R1].txt - [987 octets] ##########
  9. RLong31

    RLong31 TS Rookie Topic Starter Posts: 20

    JRT Log:


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.2 (02.02.2013:2)
    OS: Windows (TM) Vista Home Premium x64
    Ran by toni12 on Thu 02/07/2013 at 21:51:51.05
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 02/07/2013 at 22:08:00.67
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Rootkit removal didn't work...let's do this:

    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Please make sure to get the 64-bit version

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
  11. RLong31

    RLong31 TS Rookie Topic Starter Posts: 20

    FRST Log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-02-2013
    Ran by SYSTEM at 08-02-2013 08:36:09
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [] [x]
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8081952 2009-08-24] (Realtek Semiconductor)
    HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-08-24] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [308736 2009-04-02] (Alps Electric Co., Ltd.)
    HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-08] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-08] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
    HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
    HKU\toni12\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [152064 2008-07-02] (Microsoft Corporation)
    HKU\toni12\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-02-05] (Google Inc.)
    HKU\toni12\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    ==================== Services (Whitelisted) ===================

    4 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
    2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
    2 gupdate1ca4498f1f41f10; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-10-03] (Google Inc.)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
    2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    4 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)

    ==================== Drivers (Whitelisted) =====================

    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
    1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
    1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1309010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-23] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-26] (Symantec Corporation)
    1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\IPSDefs\20130207.002\IDSvia64.sys [513184 2013-02-05] (Symantec Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\VirusDefs\20130208.003\ENG64.SYS [126192 2013-02-05] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\VirusDefs\20130208.003\EX64.SYS [2087664 2013-02-05] (Symantec Corporation)
    1 PMCF; C:\Windows\System32\Drivers\PMCF.sys [16392 2009-03-19] ()
    3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [580128 2010-01-30] (Realtek Semiconductor Corporation )
    0 SMR311; C:\Windows\System32\Drivers\SMR311.sys [95392 2013-02-07] (Symantec Corporation)
    3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
    1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\drivers\NAVx64\1309010.00E\SYMDS64.SYS [451192 2012-01-17] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\drivers\NAVx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-15] (Symantec Corporation)
    1 SymIRON; C:\Windows\system32\drivers\NAVx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
    1 SYMTDIv; C:\Windows\System32\Drivers\NAVx64\1309010.00E\SYMTDIV.SYS [445560 2012-04-17] (Symantec Corporation)
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-02-08 08:35 - 2013-02-08 08:35 - 00000000 ____D C:\FRST
    2013-02-07 15:28 - 2013-02-07 15:28 - 01464149 ____A (Farbar) C:\Users\toni12\Downloads\FRST64.exe
    2013-02-07 10:19 - 2013-02-07 11:37 - 00000000 ____D C:\Users\toni12\AppData\Local\NPE
    2013-02-07 10:19 - 2013-02-07 10:19 - 00095392 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR311.SYS
    2013-02-07 05:08 - 2013-02-07 05:08 - 00001275 ____A C:\Users\toni12\Desktop\JRT.txt
    2013-02-07 04:51 - 2013-02-07 04:51 - 00000000 ____D C:\Windows\ERUNT
    2013-02-07 04:51 - 2013-02-07 04:51 - 00000000 ____D C:\JRT
    2013-02-07 04:50 - 2013-02-07 04:50 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\toni12\Desktop\JRT.exe
    2013-02-07 04:40 - 2013-02-07 04:41 - 00001120 ____A C:\AdwCleaner[S1].txt
    2013-02-07 04:40 - 2013-02-07 04:40 - 00001053 ____A C:\AdwCleaner[R1].txt
    2013-02-07 04:38 - 2013-02-07 04:39 - 00582209 ____A C:\Users\toni12\Desktop\adwcleaner.exe
    2013-02-07 04:07 - 2013-02-07 04:07 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2013-02-07 03:26 - 2013-02-07 03:27 - 00000000 ____D C:\Users\toni12\Downloads\mbar-1.01.0.1017
    2013-02-07 03:20 - 2013-02-07 03:20 - 13562257 ____A C:\Users\toni12\Downloads\mbar-1.01.0.1017.zip
    2013-02-07 03:20 - 2013-02-07 03:20 - 00000000 ____D C:\Users\toni12\AppData\Local\MigWiz
    2013-02-06 15:48 - 2013-02-06 15:48 - 00001215 ____A C:\Users\toni12\Desktop\RKreport[3]_SC_02072013_02d0848.txt
    2013-02-06 15:42 - 2013-02-06 15:42 - 00001600 ____A C:\Users\toni12\Desktop\RKreport[2]_D_02072013_02d0842.txt
    2013-02-06 15:39 - 2013-02-06 15:39 - 00001601 ____A C:\Users\toni12\Desktop\RKreport[1]_S_02072013_02d0839.txt
    2013-02-06 15:35 - 2013-02-06 15:42 - 00000000 ____D C:\Users\toni12\Desktop\RK_Quarantine
    2013-02-06 15:26 - 2013-02-06 15:26 - 00778240 ____A C:\Users\toni12\Desktop\RogueKiller.exe
    2013-02-06 14:55 - 2013-02-07 03:11 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-02-06 14:51 - 2013-02-06 14:51 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\toni12\Downloads\tdsskiller (2).exe
    2013-02-06 14:51 - 2013-02-06 14:51 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\toni12\Downloads\tdsskiller (1).exe
    2013-02-06 14:50 - 2013-02-06 14:51 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\toni12\Downloads\tdsskiller.exe
    2013-02-06 14:46 - 2013-02-06 14:46 - 00011624 ____A C:\Users\toni12\AppData\Local\dd_vcredistUI27AA.txt
    2013-02-06 14:46 - 2013-02-06 14:46 - 00001800 ____A C:\Users\toni12\AppData\Local\dd_vcredistMSI27AA.txt
    2013-02-06 14:46 - 2013-02-06 14:46 - 00001797 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2013-02-06 14:46 - 2013-02-06 14:46 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2013-02-06 14:46 - 2012-10-30 15:51 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2013-02-06 14:46 - 2012-10-30 15:51 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2013-02-06 14:46 - 2012-10-30 15:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2013-02-06 10:22 - 2013-02-06 10:22 - 16369160 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2013-02-06 01:59 - 2013-02-06 01:59 - 00008673 ____A C:\Users\toni12\Desktop\attach.txt
    2013-02-06 01:59 - 2013-02-06 01:55 - 00020535 ____A C:\Users\toni12\Desktop\dds.txt
    2013-02-06 01:46 - 2013-02-06 01:46 - 00688992 ____R (Swearware) C:\Users\toni12\Downloads\dds.com
    2013-02-06 01:46 - 2013-02-06 01:46 - 00688992 ____A (Swearware) C:\Users\toni12\Downloads\dds (1).com
    2013-02-05 22:43 - 2013-02-05 22:43 - 00054148 ____A C:\Users\toni12\AppData\Local\dd_vcredistUI4693.txt
    2013-02-05 22:43 - 2013-02-05 22:43 - 00001792 ____A C:\Users\toni12\AppData\Local\dd_vcredistMSI4693.txt
    2013-02-05 22:38 - 2013-02-06 14:46 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2013-02-05 22:38 - 2012-10-30 15:50 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2013-02-05 22:37 - 2013-02-06 14:45 - 00000000 ____D C:\Users\All Users\AVAST Software
    2013-02-05 22:37 - 2013-02-06 14:45 - 00000000 ____D C:\Program Files\AVAST Software
    2013-02-05 22:37 - 2013-02-05 22:37 - 00053624 ____A C:\Users\toni12\AppData\Local\dd_vcredistUI4230.txt
    2013-02-05 22:37 - 2013-02-05 22:37 - 00001824 ____A C:\Users\toni12\AppData\Local\dd_vcredistMSI4230.txt
    2013-02-05 22:33 - 2013-02-05 22:33 - 00000920 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-02-05 22:33 - 2013-02-05 22:33 - 00000000 ____D C:\Users\toni12\AppData\Roaming\Malwarebytes
    2013-02-05 22:33 - 2013-02-05 22:33 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-02-05 22:33 - 2013-02-05 22:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-02-05 22:33 - 2012-12-14 16:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-02-05 22:31 - 2013-02-05 22:36 - 97565024 ____A C:\Users\toni12\Downloads\avast_free_antivirus_setup.exe
    2013-02-05 22:17 - 2013-02-05 22:17 - 00000732 ____A C:\Users\toni12\AppData\Local\d3d9caps64.dat
    2013-02-05 21:49 - 2013-02-05 21:51 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\toni12\Downloads\mbam-setup-1.70.0.1100 (1).exe
    2013-02-05 21:48 - 2013-02-05 21:49 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\toni12\Downloads\mbam-setup-1.70.0.1100.exe
    2013-02-05 21:02 - 2013-02-05 21:02 - 00000000 ____A C:\Windows\setuperr.log
    2013-02-05 21:02 - 2013-02-05 19:13 - 00000795 ____A C:\Windows\setupact.log
    2013-02-05 20:22 - 2013-02-05 20:27 - 32652922 ____A C:\Users\toni12\Downloads\Windows_Password_Recovery_Tool_Trial.exe
    2013-02-05 19:44 - 2013-02-05 19:47 - 28568733 ____A (Password Unlocker Studio. ) C:\Users\toni12\Downloads\windows_password_unlocker_professional_trial.exe
    2013-02-05 19:43 - 2013-02-05 19:43 - 00000000 ____A C:\Windows\ToDisc.INI
    2013-02-05 19:06 - 2013-02-05 19:09 - 29575203 ____A (Anmosoft, Inc. ) C:\Users\toni12\Downloads\WindowsPasswordResetProfessionalDemoSetup (1).exe
    2013-02-05 18:42 - 2013-01-03 17:01 - 09330176 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-02-05 18:42 - 2013-01-03 16:54 - 06009856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-02-05 18:42 - 2013-01-03 10:53 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-02-05 18:42 - 2013-01-03 10:34 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-02-05 18:42 - 2012-11-22 17:54 - 02770432 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-02-05 18:42 - 2012-11-21 20:22 - 00456192 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
    2013-02-05 18:42 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
    2013-02-05 18:42 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2013-02-05 18:42 - 2012-11-19 20:21 - 00253952 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2013-02-05 18:42 - 2012-11-02 02:47 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2013-02-05 18:42 - 2012-11-02 02:47 - 01794560 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2013-02-05 18:42 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2013-02-05 18:42 - 2012-11-02 02:19 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

    ==================== One Month Modified Files and Folders =======

    2013-02-08 08:35 - 2013-02-08 08:35 - 00000000 ____D C:\FRST
    2013-02-07 15:31 - 2009-07-23 19:46 - 01195441 ____A C:\Windows\WindowsUpdate.log
    2013-02-07 15:31 - 2006-11-02 07:42 - 00032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-02-07 15:31 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-02-07 15:31 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-02-07 15:31 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-02-07 15:29 - 2009-08-12 22:12 - 00000436 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{44EFB955-2117-4EA5-AD44-C998487608FB}.job
    2013-02-07 15:28 - 2013-02-07 15:28 - 01464149 ____A (Farbar) C:\Users\toni12\Downloads\FRST64.exe
    2013-02-07 15:27 - 2006-11-02 04:46 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-02-07 15:09 - 2009-10-03 18:28 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-02-07 14:51 - 2012-04-15 13:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-02-07 11:37 - 2013-02-07 10:19 - 00000000 ____D C:\Users\toni12\AppData\Local\NPE
    2013-02-07 10:19 - 2013-02-07 10:19 - 00095392 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR311.SYS
    2013-02-07 10:19 - 2010-01-20 03:02 - 00498198 ____A C:\Windows\ntbtlog.txt.bak
    2013-02-07 10:19 - 2009-12-16 02:28 - 00000000 ____D C:\Users\All Users\Norton
    2013-02-07 10:16 - 2009-10-03 18:28 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-02-07 05:42 - 2006-11-02 07:07 - 00000000 ___RD C:\Users\Public\Recorded TV
    2013-02-07 05:08 - 2013-02-07 05:08 - 00001275 ____A C:\Users\toni12\Desktop\JRT.txt
    2013-02-07 04:51 - 2013-02-07 04:51 - 00000000 ____D C:\Windows\ERUNT
    2013-02-07 04:51 - 2013-02-07 04:51 - 00000000 ____D C:\JRT
    2013-02-07 04:50 - 2013-02-07 04:50 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\toni12\Desktop\JRT.exe
    2013-02-07 04:48 - 2011-05-17 01:36 - 00000000 ____D C:\Users\toni12\AppData\Roaming\Dropbox
    2013-02-07 04:44 - 2011-05-17 01:42 - 00000000 ___RD C:\Users\toni12\Dropbox
    2013-02-07 04:41 - 2013-02-07 04:40 - 00001120 ____A C:\AdwCleaner[S1].txt
    2013-02-07 04:40 - 2013-02-07 04:40 - 00001053 ____A C:\AdwCleaner[R1].txt
    2013-02-07 04:39 - 2013-02-07 04:38 - 00582209 ____A C:\Users\toni12\Desktop\adwcleaner.exe
    2013-02-07 04:07 - 2013-02-07 04:07 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2013-02-07 04:07 - 2011-05-17 01:42 - 00000934 ____A C:\Users\toni12\Desktop\Dropbox.lnk
    2013-02-07 03:55 - 2008-01-20 19:26 - 00109832 ____A C:\Windows\PFRO.log
    2013-02-07 03:27 - 2013-02-07 03:26 - 00000000 ____D C:\Users\toni12\Downloads\mbar-1.01.0.1017
    2013-02-07 03:20 - 2013-02-07 03:20 - 13562257 ____A C:\Users\toni12\Downloads\mbar-1.01.0.1017.zip
    2013-02-07 03:20 - 2013-02-07 03:20 - 00000000 ____D C:\Users\toni12\AppData\Local\MigWiz
    2013-02-07 03:11 - 2013-02-06 14:55 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-02-06 15:48 - 2013-02-06 15:48 - 00001215 ____A C:\Users\toni12\Desktop\RKreport[3]_SC_02072013_02d0848.txt
    2013-02-06 15:42 - 2013-02-06 15:42 - 00001600 ____A C:\Users\toni12\Desktop\RKreport[2]_D_02072013_02d0842.txt
    2013-02-06 15:42 - 2013-02-06 15:35 - 00000000 ____D C:\Users\toni12\Desktop\RK_Quarantine
    2013-02-06 15:39 - 2013-02-06 15:39 - 00001601 ____A C:\Users\toni12\Desktop\RKreport[1]_S_02072013_02d0839.txt
    2013-02-06 15:26 - 2013-02-06 15:26 - 00778240 ____A C:\Users\toni12\Desktop\RogueKiller.exe
    2013-02-06 14:53 - 2010-02-08 01:50 - 00000000 ____D C:\Users\toni12\AppData\Local\CrashDumps
    2013-02-06 14:51 - 2013-02-06 14:51 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\toni12\Downloads\tdsskiller (2).exe
    2013-02-06 14:51 - 2013-02-06 14:51 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\toni12\Downloads\tdsskiller (1).exe
    2013-02-06 14:51 - 2013-02-06 14:50 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\toni12\Downloads\tdsskiller.exe
    2013-02-06 14:47 - 2009-09-12 13:51 - 00006756 ____A C:\Users\toni12\AppData\Local\d3d9caps.dat
    2013-02-06 14:46 - 2013-02-06 14:46 - 00011624 ____A C:\Users\toni12\AppData\Local\dd_vcredistUI27AA.txt
    2013-02-06 14:46 - 2013-02-06 14:46 - 00001800 ____A C:\Users\toni12\AppData\Local\dd_vcredistMSI27AA.txt
    2013-02-06 14:46 - 2013-02-06 14:46 - 00001797 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2013-02-06 14:46 - 2013-02-06 14:46 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2013-02-06 14:46 - 2013-02-05 22:38 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2013-02-06 14:45 - 2013-02-05 22:37 - 00000000 ____D C:\Users\All Users\AVAST Software
    2013-02-06 14:45 - 2013-02-05 22:37 - 00000000 ____D C:\Program Files\AVAST Software
    2013-02-06 14:23 - 2006-11-02 07:21 - 00309800 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-02-06 10:23 - 2012-04-15 13:16 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-02-06 10:23 - 2011-05-17 01:45 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-02-06 10:22 - 2013-02-06 10:22 - 16369160 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2013-02-06 01:59 - 2013-02-06 01:59 - 00008673 ____A C:\Users\toni12\Desktop\attach.txt
    2013-02-06 01:55 - 2013-02-06 01:59 - 00020535 ____A C:\Users\toni12\Desktop\dds.txt
    2013-02-06 01:46 - 2013-02-06 01:46 - 00688992 ____R (Swearware) C:\Users\toni12\Downloads\dds.com
    2013-02-06 01:46 - 2013-02-06 01:46 - 00688992 ____A (Swearware) C:\Users\toni12\Downloads\dds (1).com
    2013-02-05 22:43 - 2013-02-05 22:43 - 00054148 ____A C:\Users\toni12\AppData\Local\dd_vcredistUI4693.txt
    2013-02-05 22:43 - 2013-02-05 22:43 - 00001792 ____A C:\Users\toni12\AppData\Local\dd_vcredistMSI4693.txt
    2013-02-05 22:38 - 2009-05-11 10:25 - 00000000 ____D C:\Users\All Users\Google
    2013-02-05 22:38 - 2009-05-11 10:25 - 00000000 ____D C:\Program Files (x86)\Google
    2013-02-05 22:37 - 2013-02-05 22:37 - 00053624 ____A C:\Users\toni12\AppData\Local\dd_vcredistUI4230.txt
    2013-02-05 22:37 - 2013-02-05 22:37 - 00001824 ____A C:\Users\toni12\AppData\Local\dd_vcredistMSI4230.txt
    2013-02-05 22:36 - 2013-02-05 22:31 - 97565024 ____A C:\Users\toni12\Downloads\avast_free_antivirus_setup.exe
    2013-02-05 22:33 - 2013-02-05 22:33 - 00000920 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-02-05 22:33 - 2013-02-05 22:33 - 00000000 ____D C:\Users\toni12\AppData\Roaming\Malwarebytes
    2013-02-05 22:33 - 2013-02-05 22:33 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-02-05 22:33 - 2013-02-05 22:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-02-05 22:17 - 2013-02-05 22:17 - 00000732 ____A C:\Users\toni12\AppData\Local\d3d9caps64.dat
    2013-02-05 22:16 - 2009-05-11 10:13 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
    2013-02-05 22:16 - 2009-05-11 10:13 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2013-02-05 22:14 - 2009-05-11 10:27 - 00000000 ____D C:\Users\All Users\WildTangent
    2013-02-05 21:51 - 2013-02-05 21:49 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\toni12\Downloads\mbam-setup-1.70.0.1100 (1).exe
    2013-02-05 21:49 - 2013-02-05 21:48 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\toni12\Downloads\mbam-setup-1.70.0.1100.exe
    2013-02-05 21:02 - 2013-02-05 21:02 - 00000000 ____A C:\Windows\setuperr.log
    2013-02-05 20:44 - 2010-01-02 19:16 - 00000000 ____D C:\Windows\Minidump
    2013-02-05 20:27 - 2013-02-05 20:22 - 32652922 ____A C:\Users\toni12\Downloads\Windows_Password_Recovery_Tool_Trial.exe
    2013-02-05 19:51 - 2009-12-19 05:58 - 00002215 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk
    2013-02-05 19:51 - 2009-12-19 05:57 - 00000000 ____D C:\Windows\System32\Drivers\NAVx64
    2013-02-05 19:48 - 2009-08-08 17:00 - 00000000 ____D C:\Users\toni12\AppData\Local\Google
    2013-02-05 19:47 - 2013-02-05 19:44 - 28568733 ____A (Password Unlocker Studio. ) C:\Users\toni12\Downloads\windows_password_unlocker_professional_trial.exe
    2013-02-05 19:43 - 2013-02-05 19:43 - 00000000 ____A C:\Windows\ToDisc.INI
    2013-02-05 19:14 - 2009-10-07 03:30 - 00008704 ____A C:\Users\toni12\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-02-05 19:13 - 2013-02-05 21:02 - 00000795 ____A C:\Windows\setupact.log
    2013-02-05 19:09 - 2013-02-05 19:06 - 29575203 ____A (Anmosoft, Inc. ) C:\Users\toni12\Downloads\WindowsPasswordResetProfessionalDemoSetup (1).exe
    2013-02-05 18:52 - 2009-05-11 10:59 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2013-02-05 18:48 - 2012-08-23 07:39 - 00000129 ____A C:\Windows\System32\MRT.INI
    2013-02-05 18:44 - 2006-11-02 04:35 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2013-02-05 18:28 - 2009-10-03 18:18 - 00002037 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-01-17 01:28 - 2009-10-03 04:19 - 00273840 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys
    [2012-12-25 22:21] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B


    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-11-19 03:00:26
    Restore point made on: 2012-11-20 03:00:33
    Restore point made on: 2012-11-22 03:00:32
    Restore point made on: 2012-11-23 03:00:24
    Restore point made on: 2012-11-24 03:00:30
    Restore point made on: 2012-11-25 03:00:36
    Restore point made on: 2012-11-26 03:00:36
    Restore point made on: 2012-11-27 03:00:36
    Restore point made on: 2012-11-28 03:00:47
    Restore point made on: 2012-12-08 03:00:34
    Restore point made on: 2012-12-25 21:57:30
    Restore point made on: 2012-12-26 03:01:02
    Restore point made on: 2013-01-02 02:05:23
    Restore point made on: 2013-01-02 02:48:32
    Restore point made on: 2013-01-02 02:51:01
    Restore point made on: 2013-01-02 02:55:33
    Restore point made on: 2013-01-02 03:05:45
    Restore point made on: 2013-01-18 02:08:15
    Restore point made on: 2013-02-05 18:32:20
    Restore point made on: 2013-02-05 18:43:38
    Restore point made on: 2013-02-05 19:21:16
    Restore point made on: 2013-02-06 01:21:44
    Restore point made on: 2013-02-06 01:24:23
    Restore point made on: 2013-02-06 10:01:35
    Restore point made on: 2013-02-06 18:07:42
    Restore point made on: 2013-02-07 03:53:35
    Restore point made on: 2013-02-07 11:43:41

    ==================== Memory info ===========================

    Percentage of memory in use: 13%
    Total physical RAM: 4058.23 MB
    Available physical RAM: 3519.36 MB
    Total Pagefile: 3808.09 MB
    Available Pagefile: 3486.95 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: (TI101800V0E ) (Fixed) (Total:286.35 GB) (Free:196.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (PASSWORDUNLOCKER) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
    3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS
    4 Drive f: () (Removable) (Total:7.46 GB) (Free:1.45 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 7658 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: 14054DEA

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 1500 MB 1024 KB
    Partition 2 Primary 286 GB 1501 MB
    Partition 3 Primary 10 GB 288 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C TI101800V0E NTFS Partition 286 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 004273D9

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7657 MB 32 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 F FAT32 Removable 7657 MB Healthy

    =========================================================

    Last Boot: 2013-02-07 05:43

    ==================== End Of Log =============================
     
     
  12. RLong31

    RLong31 TS Rookie Topic Starter Posts: 20

    Search Log:

    Farbar Recovery Scan Tool (x64) Version: 06-02-2013
    Ran by SYSTEM at 2013-02-08 08:38:46
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-12-02 23:09] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2009-12-02 23:09] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

    C:\Windows\SysWOW64\services.exe
    [2009-12-02 23:09] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\System32\services.exe
    [2009-12-02 23:09] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    ====== End Of Search ======
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please do a search the same way in FRST for this: volsnap.sys
     
  14. RLong31

    RLong31 TS Rookie Topic Starter Posts: 20

    Search Log:

    Farbar Recovery Scan Tool (x64) Version: 06-02-2013
    Ran by SYSTEM at 2013-02-08 23:44:46
    Running from F:\

    ================== Search: "volsnap.sys" ===================

    C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6002.22913_none_743da78bcabba994\volsnap.sys
    [2012-12-25 22:21] - [2012-08-21 03:50] - 0268160 ____A (Microsoft Corporation) FBF61EB641BEFC9B3BF6407062A6C807

    C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18679_none_73792928b1c94f2c\volsnap.sys
    [2012-12-25 22:21] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B

    C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_73c0cc10b194374f\volsnap.sys
    [2009-12-02 23:09] - [2009-04-10 23:15] - 0269288 ____A (Microsoft Corporation) 5280AADA24AB36B01A84A6424C475C8D

    C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_71d55304b4726c03\volsnap.sys
    [2008-01-20 18:47] - [2008-01-20 18:47] - 0271416 ____A (Microsoft Corporation) DE4307412D98050239026E56A7DFF3C0

    C:\Windows\System32\DriverStore\FileRepository\volume.inf_d5525b4d\volsnap.sys
    [2009-12-02 23:09] - [2009-04-10 23:15] - 0269288 ____A (Microsoft Corporation) 5280AADA24AB36B01A84A6424C475C8D

    C:\Windows\System32\DriverStore\FileRepository\volume.inf_c52a9a32\volsnap.sys
    [2006-11-02 04:40] - [2006-11-02 03:51] - 0247912 ____A (Microsoft Corporation) D4674E125878F77EED0D87E6C46889AA

    C:\Windows\System32\DriverStore\FileRepository\volume.inf_47e59f7b\volsnap.sys
    [2008-01-20 18:47] - [2008-01-20 18:47] - 0271416 ____A (Microsoft Corporation) DE4307412D98050239026E56A7DFF3C0

    C:\Windows\System32\DriverStore\FileRepository\volume.inf_0b1d42b8\volsnap.sys
    [2012-12-25 22:21] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B

    C:\Windows\System32\drivers\volsnap.sys
    [2012-12-25 22:21] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B

    ====== End Of Search ======
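The comparison the helper makes by eye above, checking whether the live C:\Windows\System32\drivers\volsnap.sys carries the same MD5 as the copies Windows keeps in WinSxS and the DriverStore, as an added Python example that is not part of FRST or of this thread; the log format, paths and hashes come from the search output above, while the tampered sample and its all-zero hash are constructed.

```python
"""Parse a Farbar Recovery Scan Tool (FRST) 'Search:' log and check whether
the live copy of a system file has the same MD5 as the reference copies that
Windows keeps in WinSxS and the DriverStore. Added example, not FRST code."""
import re
from collections import defaultdict

# Constructed sample in the FRST search-log format; the paths and hashes are
# the ones the thread's volsnap.sys search reported, trimmed to three entries.
SAMPLE_LOG = r"""
================== Search: "volsnap.sys" ===================

C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18679_none_73792928b1c94f2c\volsnap.sys
[2012-12-25 22:21] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B

C:\Windows\System32\DriverStore\FileRepository\volume.inf_0b1d42b8\volsnap.sys
[2012-12-25 22:21] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B

C:\Windows\System32\drivers\volsnap.sys
[2012-12-25 22:21] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B

====== End Of Search ======
"""

# Constructed counter-example: the live driver has a size and a (placeholder,
# all-zero) hash that no reference copy has, and no company name at all.
TAMPERED_LOG = SAMPLE_LOG.replace(
    "drivers\\volsnap.sys\n[2012-12-25 22:21] - [2012-08-21 03:50] - 0267648 ____A "
    "(Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B",
    "drivers\\volsnap.sys\n[2013-02-05 19:20] - [2013-02-05 19:20] - 0271872 ____A "
    "00000000000000000000000000000000")

# FRST prints each hit as a path line followed by a detail line:
#   [created] - [modified] - size attrs (company) MD5     (company is optional)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$")
REFERENCE_DIRS = ("\\winsxs\\", "\\driverstore\\filerepository\\")


def parse_search_log(text):
    """Return one dict {path, size, company, md5} per hit in the search log."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for i in range(len(lines) - 1):
        if not PATH_RE.match(lines[i]):
            continue
        m = DETAIL_RE.match(lines[i + 1])
        if m:
            entries.append({"path": lines[i], "size": int(m["size"]),
                            "company": m["company"], "md5": m["md5"].upper()})
    return entries


def is_reference(path):
    """Copies held by component servicing, not the one the kernel loads."""
    return any(d in path.lower() for d in REFERENCE_DIRS)


def assess(entries):
    """Map each live copy's path to a verdict, plus md5 -> reference paths.

    A match only shows the live file is consistent with the stored copies; a
    mismatch can also be a legitimate newer hotfix, so confirm against a
    known-good hash database (as FRST's own check does) before replacing it."""
    ref_hashes = defaultdict(list)
    live = []
    for e in entries:
        (ref_hashes[e["md5"]].append(e["path"]) if is_reference(e["path"])
         else live.append(e))
    verdicts = {}
    for e in live:
        if not ref_hashes:
            verdicts[e["path"]] = "no reference copies found"
        elif e["md5"] in ref_hashes:
            verdicts[e["path"]] = "matches reference"
        else:
            verdicts[e["path"]] = "NO MATCHING REFERENCE COPY"
    return verdicts, dict(ref_hashes)


def report(log_text):
    """Summary lines for a whole search log (returned, not just printed)."""
    verdicts, refs = assess(parse_search_log(log_text))
    out = [f"{len(refs)} distinct reference hash(es)"]
    out += [f"  {md5}  ({len(paths)} reference copies)" for md5, paths in refs.items()]
    out += [f"{verdict}: {path}" for path, verdict in verdicts.items()]
    return out


if __name__ == "__main__":
    for log in (SAMPLE_LOG, TAMPERED_LOG):
        print("\n".join(report(log)), end="\n\n")
```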
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     


  16. RLong31

    RLong31 TS Rookie Topic Starter Posts: 20

    Fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-02-2013
    Ran by SYSTEM at 2013-02-11 09:14:08 Run:1
    Running from F:\

    ==============================================

    C:\Windows\System32\drivers\volsnap.sys moved successfully.
    C:\Windows\System32\DriverStore\FileRepository\volume.inf_0b1d42b8\volsnap.sys copied successfully to C:\Windows\System32\drivers\volsnap.sys

    ==== End of Fixlog ====
     
  17. RLong31

    RLong31 TS Rookie Topic Starter Posts: 20

    Everything seems to be running fine now. No more annoying pop-ups saying a program has failed. Only thing that is not working correctly is Windows Defender. I can access the firewall stuff, and run a scan... but it won't let me access the "Change Start-up Programs" portion. It gives me the error: Software Explorers error: 0x80070005. Access is denied.

    Still a virus/malware issue or something else? That's really the only thing I've noticed so far that doesn't work.
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yeah. We need to check something else...

    Check Partitions

    Please download Listparts64
    Run the tool,
    check the "list BCD" box
    click "Scan" and post the log (Result.txt) it makes.


    Be back tomorrow. Good night! :)
     
  19. RLong31

    RLong31 TS Rookie Topic Starter Posts: 20

    Result.txt :


    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=C:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    Windows Legacy OS Loader
    ------------------------
    identifier {ntldr}
    device unknown
    path \ntldr
    description Earlier Version of Windows

    EMS Settings
    ------------
    identifier {emssettings}
    bootems Yes

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
    description Toshiba Recovery Environment
    ramdisksdidevice partition=\Device\HarddiskVolume1
    ramdisksdipath \boot.sdi


    ****** End Of Log ******
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I didn't need a log from MEMTEST. I need a log from ListParts64, please.
     
  21. RLong31

    RLong31 TS Rookie Topic Starter Posts: 20

    My apologies... here are the results of listparts64:

    ListParts by Farbar Version: 16-01-2013
    Ran by toni12 (administrator) on 12-02-2013 at 07:14:15
    Windows Vista (X64)
    Running From: C:\Users\toni12\Downloads
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 70%
    Total physical RAM: 4058.23 MB
    Available physical RAM: 1207.62 MB
    Total Pagefile: 8293.75 MB
    Available Pagefile: 4911.28 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.92 MB

    ======================= Partitions =========================

    1 Drive c: (TI101800V0E ) (Fixed) (Total:286.35 GB) (Free:199.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive e: () (Removable) (Total:7.46 GB) (Free:1.44 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 7658 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: 14054DEA

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 1500 MB 1024 KB
    Partition 2 Primary 286 GB 1501 MB
    Partition 3 Primary 10 GB 288 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C TI101800V0E NTFS Partition 286 GB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 004273D9

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7657 MB 32 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E FAT32 Removable 7657 MB Healthy

    ======================================================================================================

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=C:
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    default {current}
    resumeobject {b5b44ba9-3e50-11de-8b96-00248c6a1e8b}
    displayorder {current}
    toolsdisplayorder {572bcd56-ffa7-11d9-aae0-0007e994107d}
    {memdiag}
    timeout 30
    resume No
    customactions 0x1000000720001
    0x54000001
    custom:54000001 {572bcd56-ffa7-11d9-aae0-0007e994107d}

    Windows Boot Loader
    -------------------
    identifier {572bcd56-ffa7-11d9-aae0-0007e994107d}
    device ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
    path \windows\system32\boot\winload.exe
    description Toshiba Recovery Environment
    osdevice ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
    systemroot \windows
    nx OptIn
    detecthal Yes
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \Windows\system32\winload.exe
    description Microsoft Windows Vista
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {572bcd56-ffa7-11d9-aae0-0007e994107d}
    recoveryenabled Yes
    osdevice partition=C:
    systemroot \Windows
    resumeobject {b5b44ba9-3e50-11de-8b96-00248c6a1e8b}
    nx OptIn

    Resume from Hibernate
    ---------------------
    identifier {b5b44ba9-3e50-11de-8b96-00248c6a1e8b}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=C:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    Windows Legacy OS Loader
    ------------------------
    identifier {ntldr}
    device unknown
    path \ntldr
    description Earlier Version of Windows

    EMS Settings
    ------------
    identifier {emssettings}
    bootems Yes

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
    description Toshiba Recovery Environment
    ramdisksdidevice partition=\Device\HarddiskVolume1
    ramdisksdipath \boot.sdi


    ****** End Of Log ******
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Print this, if you like...

    Click Start > type CMD and right-click on Command Prompt and select Run as administrator...

    While in Command Prompt, type the following, pressing Enter after each line of my text:

    DISKPART

    List Disk

    select disk 0

    list partition

    select partition 3

    delete partition override

    exit

    exit


    NOTE: Be sure when you go to the step "list partition", verify that partition 3 is listed to delete. If so, delete partition 3.
     
  23. RLong31

    RLong31 TS Rookie Topic Starter Posts: 20

  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    New log from ListParts64 please, to verify it's gone. :)
     
  25. RLong31

    RLong31 TS Rookie Topic Starter Posts: 20

    Listparts Log:

    ListParts by Farbar Version: 16-01-2013
    Ran by toni12 (administrator) on 13-02-2013 at 07:38:49
    Windows Vista (X64)
    Running From: C:\Users\toni12\Downloads
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 58%
    Total physical RAM: 4058.23 MB
    Available physical RAM: 1679.22 MB
    Total Pagefile: 8305.75 MB
    Available Pagefile: 5549.72 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.92 MB

    ======================= Partitions =========================

    1 Drive c: (TI101800V0E ) (Fixed) (Total:286.35 GB) (Free:197.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 10 GB

    Partitions of Disk 0:
    ===============

    Disk ID: 14054DEA

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 1500 MB 1024 KB
    Partition 2 Primary 286 GB 1501 MB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C TI101800V0E NTFS Partition 286 GB Healthy System (partition with boot components)

    ======================================================================================================

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=C:
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    default {current}
    resumeobject {b5b44ba9-3e50-11de-8b96-00248c6a1e8b}
    displayorder {current}
    toolsdisplayorder {572bcd56-ffa7-11d9-aae0-0007e994107d}
    {memdiag}
    timeout 30
    resume No
    customactions 0x1000000720001
    0x54000001
    custom:54000001 {572bcd56-ffa7-11d9-aae0-0007e994107d}

    Windows Boot Loader
    -------------------
    identifier {572bcd56-ffa7-11d9-aae0-0007e994107d}
    device ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
    path \windows\system32\boot\winload.exe
    description Toshiba Recovery Environment
    osdevice ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
    systemroot \windows
    nx OptIn
    detecthal Yes
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \Windows\system32\winload.exe
    description Microsoft Windows Vista
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {572bcd56-ffa7-11d9-aae0-0007e994107d}
    recoveryenabled Yes
    osdevice partition=C:
    systemroot \Windows
    resumeobject {b5b44ba9-3e50-11de-8b96-00248c6a1e8b}
    nx OptIn

    Resume from Hibernate
    ---------------------
    identifier {b5b44ba9-3e50-11de-8b96-00248c6a1e8b}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=C:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    Windows Legacy OS Loader
    ------------------------
    identifier {ntldr}
    device unknown
    path \ntldr
    description Earlier Version of Windows

    EMS Settings
    ------------
    identifier {emssettings}
    bootems Yes

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
    description Toshiba Recovery Environment
    ramdisksdidevice partition=\Device\HarddiskVolume1
    ramdisksdipath \boot.sdi


    ****** End Of Log ******
     

