Solved Avast! reporting Rootkit in mssmbios.sys - Win7 32-Bit

Status
Not open for further replies.

kananesgi

Posts: 13   +0
My Avast! has been reporting this infection for about two weeks now. I've tried multiple times to remove the infection with no success. Finally decided to bite the bullet and see if I can get some help here. I've followed the 8-Step instructions and have the requested log files. I guess I just paste them inline here. Hope that's right. Here they are:

---------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5898

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/27/2011 4:25:12 PM
mbam-log-2011-02-27 (16-25-12).txt

Scan type: Quick scan
Objects scanned: 159786
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


=============================================================


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-27 16:28:55
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort1 TOSHIBA_MK3263GSX rev.FG020M
Running: 0jdpc0gp.exe; Driver: C:\Users\primary\AppData\Local\Temp\kwtirpoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 625142192 (+254): rootkit-like behavior;

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FBB382E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8FBB3652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8FBB378C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-2 866BAAEA
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 853BA1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 866BAAEA
Device \Driver\atapi \Device\Ide\IdePort0 853BA1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 866BAAEA
Device \Driver\atapi \Device\Ide\IdePort1 853BA1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 866BAAEA
Device \Driver\atapi \Device\Ide\IdePort2 853BA1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 866BAAEA
Device \Driver\atapi \Device\Ide\IdePort3 853BA1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 866BAAEA
Device \Driver\atapi \Device\Ide\IdePort4 853BA1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 866BAAEA
Device \Driver\atapi \Device\Ide\IdePort5 853BA1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 853BB1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 853BB1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel2 853BB1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel3 853BB1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 853BB1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 853BB1F8
Device \Driver\awaa96fb \Device\Scsi\awaa96fb1 867C71F8
Device \FileSystem\Ntfs \Ntfs 853BD1F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP1T0L0-1 -> \??\IDE#DiskTOSHIBA_MK3263GSX_______________________FG020M__#5&1ac922e7&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----


================================================================


DDS (Ver_10-12-12.02) - NTFSx86
Run by primary at 16:30:37.37 on Sun 02/27/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1782 [GMT -6:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\windows\system32\AUDIODG.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\primary\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
uRun: [Google Update] "c:\users\primary\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [<NO NAME>]
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AGEIA PhysX SysTray] c:\program files\ageia technologies\TrayIcon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\users\primary\appdata\roaming\micros~1\windows\startm~1\programs\startup\accuwe~1.lnk - c:\program files\accuweather\desktop\AccuWeatherDesktop.exe
StartupFolder: c:\users\primary\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\primary\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: c:\users\primary\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\primary\appdata\roaming\mozilla\firefox\profiles\uhgthp4f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nasa.gov/multimedia/imagegallery/iotd.html
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\primary\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: OnlyWire: {e26ba8db-a646-a44e-997c-2fafeadb50f2} - %profile%\extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-11-23 294608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-28 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-23 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-23 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-18 40384]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-30 1153368]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-10-29 7680]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-1-23 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-1-23 28800]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-29 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-11-26 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-11-26 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-11-26 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2009-11-26 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-11-26 113680]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-29 171520]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]

=============== Created Last 30 ================

2011-02-26 16:15:58 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8e21be66-4f9b-4583-b261-0ed923f477e3}\mpengine.dll
2011-02-24 09:00:30 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-24 01:36:23 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-24 01:36:22 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-15 04:24:57 -------- d-----w- c:\users\primary\appdata\roaming\Malwarebytes
2011-02-15 04:24:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 04:24:45 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-15 04:24:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 04:24:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-09 00:50:59 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-02-09 00:50:59 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-02-09 00:50:59 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-05 16:01:48 -------- d-----w- C:\My Music
2011-01-30 20:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 20:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: TOSHIBA_MK3263GSX rev.FG020M -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-1

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x866BAEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85d22872; SUB DWORD [EBP-0x4], 0x85d2212e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x82E74448] -> \Device\Harddisk0\DR0[0x862297D0]
3 CLASSPNP[0x8B2EE59E] -> ntkrnlpa!IofCallDriver[0x82E74448] -> [0x86244C10]
5 ACPI[0x8AB403B2] -> ntkrnlpa!IofCallDriver[0x82E74448] -> \IdeDeviceP1T0L0-1[0x86244030]
[0x86575538] -> IRP_MJ_CREATE -> 0x866BAEC5
kernel: MBR read successfully
_asm { JMP 0x65; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-1 -> \??\IDE#DiskTOSHIBA_MK3263GSX_______________________FG020M__#5&1ac922e7&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 625142446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 16:34:03.26 ===============


================================================================


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/22/2009 11:58:01 AM
System Uptime: 2/27/2011 4:15:29 PM (0 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: AMD Athlon(tm) II Dual-Core M300 | Socket S1G3 | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 242 GiB total, 10.038 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Synaptics PS/2 Port TouchPad
Device ID: ACPI\SYN191B\4&257B6A8D&0
Manufacturer: Synaptics
Name: Synaptics PS/2 Port TouchPad
PNP Device ID: ACPI\SYN191B\4&257B6A8D&0
Service: i8042prt

==== System Restore Points ===================

RP275: 2/1/2011 12:12:10 PM - Windows Update
RP276: 2/4/2011 11:52:35 AM - Windows Update
RP277: 2/8/2011 3:13:30 AM - Windows Update
RP278: 2/9/2011 12:56:22 PM - Windows Update
RP279: 2/15/2011 3:08:43 AM - Windows Update
RP280: 2/19/2011 1:34:52 PM - Windows Update
RP281: 2/23/2011 7:34:13 PM - Windows Update
RP282: 2/24/2011 3:00:13 AM - Windows Update
RP283: 2/26/2011 10:15:00 AM - Windows Update

==== Installed Programs ======================

3dsmax ancillary install
7-Zip 4.65
Active Camera 2004 2.1 for FS 2004 (updated to 9.1)
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Common File Installer
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS2
Adobe Reader 9.4.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Stock Photos 1.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AGEIA PhysX v6.10.25
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
Armstrong Whitworth Ensign for FS2004
ATI Catalyst Install Manager
Autodesk 3ds Max 9 32-bit
Autodesk DWF Viewer 7
avast! Free Antivirus
Backburner
Big Rig Europe
BitTorrent
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Check Version Ver 1.0.0
Citrix online plug-in (Web)
Classic Wings Graf Zeppelin
Classic Wings Hindenburg Zeppelin
Compatibility Pack for the 2007 Office system
Condor: The Competition Soaring Simulator 1.0.4
Connect
D3DX10
DeLorme Street Atlas USA 2009 Plus
Download Accelerator Plus (DAP)
ENERGY project, release 4
Eraser 6.0.6.1376
EVE Online (remove only)
EVEMon
Ewisoft Website Builder (include eCommerce Builder) Version 5
FBX Plugin 2006.08 for Max 9.0
FileZilla Client 3.3.1
FMS
Free 3GP Video Converter version 3.7.18
Free WMA to MP3 Converter 1.16
FreeMind
Fuel Service Stations, release 2
Glacier Bay v2a
Glacier Bay v2b
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Impulse
inSSIDer
Java(TM) 6 Update 14
kuler
Label@Once 1.0
Logo Design Studio Pro
Logo Design Studio The Big Concept Expansion Pack
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Combat Flight Simulator 3.1
Microsoft Crimson Skies
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Management Objects
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
Mir-2 space station, release 1.1
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyScribe
MyToshiba
Network Recording Player
Niche Research Commando Ver 3.0.2
NifSkope (remove only)
OFF MP Essential Files
OGA Notifier 2.0.0048.0
Over Flanders Fields - Between Heaven and Hell - Update To V1.3
Paint Shop Pro 7
PANTECH UM175 Driver
Parallel Port Joystick
PDF Settings CS4
PeerGuardian 2.0
Pepakura Designer2
Photoshop Camera Raw
Pinnacle VideoSpin
PlayReady PC Runtime x86
Power Tab Editor 1.7
PowerISO
Quickbooks Financial Center
QuickPar 0.9
QuickTime
RailWorks
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Driver
Realtek WLAN Driver
RealUpgrade 1.1
Rhapsody
Rosetta Stone 2.2.0.0A
SD Formatter
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shotstone
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 Complete
Sid Meier's Civilization V
SimCharts 3.0
Sins of a Solar Empire
Sins of a Solar Empire - Diplomacy
Sins of a Solar Empire - Entrenchment
Skype Launcher
SmartPropoPlus
SocialBot
SolveigMM AVI Trimmer
Space Tankers, release 1
Space Tugs, release 4
Spybot - Search & Destroy
SQL Server System CLR Types
SquawkBox
Steam
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Uninstall 1.0.0.1
Universal Cargo Deck, release 4
Universal RMS, release 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAT-Spy
Visual Studio Express Editions Registration Benefits Overview
VLC media player 1.1.4
VRC
VZAccess Manager
WebEx
WebTablet IE Plugin
WebTablet Netscape Plugin
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

2/27/2011 4:15:47 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
2/27/2011 4:15:47 PM, Error: atikmdag [43029] - Display is not active
2/27/2011 4:12:47 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
2/26/2011 10:13:54 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
2/26/2011 10:13:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
2/26/2011 10:12:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
2/26/2011 10:12:14 AM, Error: Service Control Manager [7034] - The TOSHIBA HDD SSD Alert Service service terminated unexpectedly. It has done this 1 time(s).
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/26/2011 10:11:53 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/26/2011 10:11:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
2/24/2011 8:29:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/21/2011 4:07:05 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================================

You're infected with a rootkit.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Sorry it took me so long to get back. Unexpected visit from my brother and his family took me away from the computer for a while.

Ran TDSSKiller and it found the rootkit, maybe it removed it during the reboot. Avast! hasn't reported the infection yet since reboot.

Here's the log:
=================================================================


2011/02/27 18:05:48.0431 1040 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/27 18:05:48.0930 1040 ================================================================================
2011/02/27 18:05:48.0930 1040 SystemInfo:
2011/02/27 18:05:48.0930 1040
2011/02/27 18:05:48.0930 1040 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/27 18:05:48.0930 1040 Product type: Workstation
2011/02/27 18:05:48.0930 1040 ComputerName: ROADWARRIOR-PC
2011/02/27 18:05:48.0930 1040 UserName: primary
2011/02/27 18:05:48.0930 1040 Windows directory: C:\windows
2011/02/27 18:05:48.0930 1040 System windows directory: C:\windows
2011/02/27 18:05:48.0930 1040 Processor architecture: Intel x86
2011/02/27 18:05:48.0930 1040 Number of processors: 2
2011/02/27 18:05:48.0930 1040 Page size: 0x1000
2011/02/27 18:05:48.0930 1040 Boot type: Normal boot
2011/02/27 18:05:48.0930 1040 ================================================================================
2011/02/27 18:05:50.0833 1040 Initialize success
2011/02/27 18:05:55.0622 2368 ================================================================================
2011/02/27 18:05:55.0622 2368 Scan started
2011/02/27 18:05:55.0622 2368 Mode: Manual;
2011/02/27 18:05:55.0622 2368 ================================================================================
2011/02/27 18:05:56.0558 2368 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/02/27 18:05:56.0683 2368 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/02/27 18:05:56.0792 2368 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/02/27 18:05:56.0933 2368 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\windows\system32\drivers\adfs.sys
2011/02/27 18:05:57.0073 2368 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/02/27 18:05:57.0214 2368 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/02/27 18:05:57.0354 2368 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/02/27 18:05:57.0479 2368 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/02/27 18:05:57.0635 2368 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\windows\system32\DRIVERS\AGRSM.sys
2011/02/27 18:05:57.0760 2368 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/02/27 18:05:57.0884 2368 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/02/27 18:05:58.0025 2368 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/02/27 18:05:58.0134 2368 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/02/27 18:05:58.0228 2368 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/02/27 18:05:58.0337 2368 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/02/27 18:05:58.0477 2368 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/02/27 18:05:58.0602 2368 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/02/27 18:05:58.0727 2368 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/02/27 18:05:58.0820 2368 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/02/27 18:05:58.0945 2368 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/02/27 18:05:59.0070 2368 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/02/27 18:05:59.0148 2368 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/02/27 18:05:59.0257 2368 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\windows\system32\drivers\aswFsBlk.sys
2011/02/27 18:05:59.0382 2368 aswMonFlt (317f85fb68a3be507e9ccede5e6d9ee0) C:\windows\system32\drivers\aswMonFlt.sys
2011/02/27 18:05:59.0507 2368 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\windows\system32\drivers\aswRdr.sys
2011/02/27 18:05:59.0632 2368 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\windows\system32\drivers\aswSP.sys
2011/02/27 18:05:59.0741 2368 aswTdi (1408421505257846eb336feeef33352d) C:\windows\system32\drivers\aswTdi.sys
2011/02/27 18:05:59.0850 2368 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/02/27 18:05:59.0944 2368 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/02/27 18:06:00.0069 2368 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\windows\system32\DRIVERS\athr.sys
2011/02/27 18:06:00.0334 2368 atikmdag (c97be8350fbcb1960b22fad2e6c2b514) C:\windows\system32\DRIVERS\atikmdag.sys
2011/02/27 18:06:00.0615 2368 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\windows\system32\DRIVERS\AtiPcie.sys
2011/02/27 18:06:00.0802 2368 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/02/27 18:06:00.0911 2368 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/02/27 18:06:01.0036 2368 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/02/27 18:06:01.0161 2368 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/02/27 18:06:01.0239 2368 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2011/02/27 18:06:01.0270 2368 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/02/27 18:06:01.0363 2368 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/02/27 18:06:01.0395 2368 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/02/27 18:06:01.0473 2368 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/02/27 18:06:01.0551 2368 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/02/27 18:06:01.0629 2368 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/02/27 18:06:01.0660 2368 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/02/27 18:06:01.0769 2368 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/02/27 18:06:01.0878 2368 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/02/27 18:06:02.0003 2368 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/02/27 18:06:02.0050 2368 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/02/27 18:06:02.0159 2368 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/02/27 18:06:02.0190 2368 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/02/27 18:06:02.0268 2368 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/02/27 18:06:02.0362 2368 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/02/27 18:06:02.0440 2368 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/02/27 18:06:02.0533 2368 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/02/27 18:06:02.0658 2368 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/02/27 18:06:02.0767 2368 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/02/27 18:06:02.0861 2368 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/02/27 18:06:02.0986 2368 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/02/27 18:06:03.0079 2368 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
2011/02/27 18:06:03.0267 2368 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/02/27 18:06:03.0454 2368 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/02/27 18:06:03.0547 2368 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/02/27 18:06:03.0657 2368 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/02/27 18:06:03.0735 2368 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/02/27 18:06:03.0844 2368 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/02/27 18:06:03.0937 2368 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/02/27 18:06:03.0969 2368 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/02/27 18:06:04.0078 2368 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/02/27 18:06:04.0156 2368 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/02/27 18:06:04.0281 2368 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/02/27 18:06:04.0327 2368 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/02/27 18:06:04.0483 2368 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/02/27 18:06:04.0577 2368 FwLnk (0f76e205bdc60364f08a5949082771ca) C:\windows\system32\DRIVERS\FwLnk.sys
2011/02/27 18:06:04.0686 2368 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/02/27 18:06:04.0811 2368 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/02/27 18:06:04.0873 2368 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/02/27 18:06:04.0951 2368 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/02/27 18:06:04.0983 2368 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/02/27 18:06:05.0076 2368 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/02/27 18:06:05.0185 2368 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/02/27 18:06:05.0295 2368 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/02/27 18:06:05.0419 2368 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/02/27 18:06:05.0466 2368 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/02/27 18:06:05.0544 2368 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/02/27 18:06:05.0685 2368 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/02/27 18:06:05.0809 2368 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/02/27 18:06:05.0950 2368 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/02/27 18:06:06.0153 2368 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys
2011/02/27 18:06:06.0262 2368 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/02/27 18:06:06.0340 2368 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/02/27 18:06:06.0402 2368 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/02/27 18:06:06.0480 2368 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/02/27 18:06:06.0543 2368 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/02/27 18:06:06.0901 2368 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/02/27 18:06:06.0995 2368 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/02/27 18:06:07.0042 2368 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/02/27 18:06:07.0167 2368 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/02/27 18:06:07.0291 2368 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/02/27 18:06:07.0338 2368 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/02/27 18:06:07.0432 2368 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/02/27 18:06:07.0572 2368 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/02/27 18:06:07.0681 2368 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/02/27 18:06:07.0775 2368 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/02/27 18:06:07.0900 2368 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/02/27 18:06:07.0931 2368 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/02/27 18:06:08.0025 2368 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/02/27 18:06:08.0056 2368 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/02/27 18:06:08.0149 2368 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/02/27 18:06:08.0274 2368 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/02/27 18:06:08.0383 2368 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/02/27 18:06:08.0524 2368 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/02/27 18:06:08.0617 2368 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/02/27 18:06:08.0664 2368 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/02/27 18:06:08.0742 2368 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/02/27 18:06:08.0773 2368 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/02/27 18:06:08.0867 2368 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/02/27 18:06:08.0929 2368 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/02/27 18:06:09.0039 2368 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/02/27 18:06:09.0163 2368 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/02/27 18:06:09.0241 2368 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/02/27 18:06:09.0304 2368 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/02/27 18:06:09.0397 2368 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/02/27 18:06:09.0444 2368 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/02/27 18:06:09.0522 2368 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/02/27 18:06:09.0647 2368 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/02/27 18:06:09.0756 2368 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/02/27 18:06:09.0865 2368 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/02/27 18:06:09.0959 2368 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/02/27 18:06:10.0053 2368 mssmbios (90e1c4ac32f605d92539d3e8ba9bfd43) C:\windows\system32\DRIVERS\mssmbios.sys
2011/02/27 18:06:10.0053 2368 Suspicious file (Forged): C:\windows\system32\DRIVERS\mssmbios.sys. Real md5: 90e1c4ac32f605d92539d3e8ba9bfd43, Fake md5: fc6b9ff600cc585ea38b12589bd4e246
2011/02/27 18:06:10.0084 2368 mssmbios - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/27 18:06:10.0177 2368 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/02/27 18:06:10.0271 2368 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/02/27 18:06:10.0396 2368 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/02/27 18:06:10.0521 2368 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/02/27 18:06:10.0614 2368 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/02/27 18:06:10.0723 2368 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/02/27 18:06:10.0817 2368 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/02/27 18:06:10.0911 2368 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/02/27 18:06:10.0942 2368 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/02/27 18:06:11.0020 2368 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/02/27 18:06:11.0113 2368 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/02/27 18:06:11.0145 2368 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/02/27 18:06:11.0285 2368 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/02/27 18:06:11.0394 2368 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/02/27 18:06:11.0472 2368 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/02/27 18:06:11.0550 2368 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/02/27 18:06:11.0659 2368 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/02/27 18:06:11.0769 2368 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2011/02/27 18:06:11.0956 2368 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2011/02/27 18:06:12.0112 2368 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/02/27 18:06:12.0205 2368 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/02/27 18:06:12.0330 2368 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/02/27 18:06:12.0455 2368 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/02/27 18:06:12.0486 2368 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/02/27 18:06:12.0580 2368 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/02/27 18:06:12.0673 2368 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/02/27 18:06:12.0720 2368 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/02/27 18:06:12.0798 2368 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/02/27 18:06:12.0861 2368 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/02/27 18:06:12.0970 2368 pgfilter (2cf226173b467ab48f89d77e89936951) C:\Program Files\PeerGuardian2\pgfilter.sys
2011/02/27 18:06:13.0157 2368 PPJoyBus (89045b00bd36cfe3910e3cb6762c2db0) C:\windows\system32\drivers\PPJoyBus.sys
2011/02/27 18:06:13.0282 2368 PPortJoystick (f1228587245ad1db17f918d518d85bc1) C:\windows\system32\drivers\PPortJoy.sys
2011/02/27 18:06:13.0375 2368 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/02/27 18:06:13.0422 2368 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/02/27 18:06:13.0547 2368 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/02/27 18:06:13.0656 2368 PTDUBus (dbaf8a53d7669efb4742896b458181d0) C:\windows\system32\DRIVERS\PTDUBus.sys
2011/02/27 18:06:13.0781 2368 PTDUMdm (fa4e2a5cf478624d3154fb045fb2d076) C:\windows\system32\DRIVERS\PTDUMdm.sys
2011/02/27 18:06:13.0890 2368 PTDUVsp (9c489b38ca13f251289004fe4f8631dd) C:\windows\system32\DRIVERS\PTDUVsp.sys
2011/02/27 18:06:13.0968 2368 PTDUWFLT (37a75ac00d26364a5ea2050a6f85c2d0) C:\windows\system32\DRIVERS\PTDUWFLT.sys
2011/02/27 18:06:14.0062 2368 PTDUWWAN (f4a789a94ff74a47eb321be4465259d0) C:\windows\system32\DRIVERS\PTDUWWAN.sys
2011/02/27 18:06:14.0171 2368 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/02/27 18:06:14.0280 2368 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/02/27 18:06:14.0358 2368 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/02/27 18:06:14.0405 2368 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/02/27 18:06:14.0514 2368 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/02/27 18:06:14.0592 2368 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/02/27 18:06:14.0686 2368 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/02/27 18:06:14.0779 2368 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/02/27 18:06:14.0811 2368 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/02/27 18:06:14.0889 2368 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/02/27 18:06:14.0920 2368 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/02/27 18:06:15.0029 2368 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/02/27 18:06:15.0060 2368 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/02/27 18:06:15.0169 2368 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/02/27 18:06:15.0263 2368 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/02/27 18:06:15.0403 2368 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/02/27 18:06:15.0497 2368 RSUSBSTOR (ef8b2afc3c0751c5e5a59983c8893260) C:\windows\system32\Drivers\RtsUStor.sys
2011/02/27 18:06:15.0637 2368 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/02/27 18:06:15.0778 2368 RTL8187Se (e48daf453d773a89a44134ce4ba9af44) C:\windows\system32\DRIVERS\RTL8187Se.sys
2011/02/27 18:06:15.0934 2368 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/02/27 18:06:16.0090 2368 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\windows\system32\drivers\SCDEmu.sys
2011/02/27 18:06:16.0183 2368 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/02/27 18:06:16.0324 2368 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\windows\system32\drivers\SECDRV.SYS
2011/02/27 18:06:16.0464 2368 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/02/27 18:06:16.0542 2368 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/02/27 18:06:16.0651 2368 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/02/27 18:06:16.0776 2368 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
2011/02/27 18:06:16.0839 2368 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
2011/02/27 18:06:16.0932 2368 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\drivers\sffp_sd.sys
2011/02/27 18:06:16.0979 2368 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/02/27 18:06:17.0088 2368 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/02/27 18:06:17.0244 2368 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/02/27 18:06:17.0338 2368 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/02/27 18:06:17.0431 2368 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/02/27 18:06:17.0494 2368 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2011/02/27 18:06:17.0619 2368 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/02/27 18:06:17.0806 2368 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
2011/02/27 18:06:17.0806 2368 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/02/27 18:06:17.0821 2368 sptd - detected Locked file (1)
2011/02/27 18:06:17.0946 2368 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys
2011/02/27 18:06:18.0055 2368 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys
2011/02/27 18:06:18.0180 2368 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys
2011/02/27 18:06:18.0352 2368 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/02/27 18:06:18.0445 2368 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/02/27 18:06:18.0601 2368 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
2011/02/27 18:06:18.0757 2368 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/02/27 18:06:18.0929 2368 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/02/27 18:06:19.0038 2368 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/02/27 18:06:19.0163 2368 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/02/27 18:06:19.0241 2368 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/02/27 18:06:19.0303 2368 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/02/27 18:06:19.0335 2368 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/02/27 18:06:19.0428 2368 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/02/27 18:06:19.0600 2368 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
2011/02/27 18:06:19.0740 2368 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/02/27 18:06:19.0849 2368 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/02/27 18:06:19.0959 2368 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/02/27 18:06:20.0068 2368 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
2011/02/27 18:06:20.0146 2368 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/02/27 18:06:20.0224 2368 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2011/02/27 18:06:20.0380 2368 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/02/27 18:06:20.0489 2368 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/02/27 18:06:20.0505 2368 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/02/27 18:06:20.0598 2368 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/02/27 18:06:20.0692 2368 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/02/27 18:06:20.0785 2368 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/02/27 18:06:20.0895 2368 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/02/27 18:06:20.0988 2368 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/02/27 18:06:21.0082 2368 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/02/27 18:06:21.0113 2368 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/02/27 18:06:21.0191 2368 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/02/27 18:06:21.0347 2368 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/02/27 18:06:21.0472 2368 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/02/27 18:06:21.0597 2368 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/02/27 18:06:21.0675 2368 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/02/27 18:06:21.0721 2368 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/02/27 18:06:21.0815 2368 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/02/27 18:06:21.0846 2368 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/02/27 18:06:21.0877 2368 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/02/27 18:06:21.0955 2368 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/02/27 18:06:22.0049 2368 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/02/27 18:06:22.0127 2368 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/02/27 18:06:22.0236 2368 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/02/27 18:06:22.0330 2368 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/02/27 18:06:22.0455 2368 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/02/27 18:06:22.0548 2368 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/02/27 18:06:22.0579 2368 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/02/27 18:06:22.0689 2368 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/02/27 18:06:22.0704 2368 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/02/27 18:06:22.0860 2368 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/02/27 18:06:22.0954 2368 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/02/27 18:06:23.0094 2368 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/02/27 18:06:23.0172 2368 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/02/27 18:06:23.0344 2368 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
2011/02/27 18:06:23.0469 2368 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/02/27 18:06:23.0609 2368 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/02/27 18:06:23.0734 2368 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/02/27 18:06:23.0843 2368 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/02/27 18:06:23.0968 2368 ================================================================================
2011/02/27 18:06:23.0968 2368 Scan finished
2011/02/27 18:06:23.0968 2368 ================================================================================
2011/02/27 18:06:23.0983 3188 Detected object count: 2
2011/02/27 18:06:49.0255 3188 mssmbios (90e1c4ac32f605d92539d3e8ba9bfd43) C:\windows\system32\DRIVERS\mssmbios.sys
2011/02/27 18:06:49.0255 3188 Suspicious file (Forged): C:\windows\system32\DRIVERS\mssmbios.sys. Real md5: 90e1c4ac32f605d92539d3e8ba9bfd43, Fake md5: fc6b9ff600cc585ea38b12589bd4e246
2011/02/27 18:06:49.0365 3188 Backup copy found, using it..
2011/02/27 18:06:49.0365 3188 C:\windows\system32\DRIVERS\mssmbios.sys - will be cured after reboot
2011/02/27 18:06:49.0365 3188 Rootkit.Win32.TDSS.tdl3(mssmbios) - User select action: Cure
2011/02/27 18:06:49.0365 3188 Locked file(sptd) - User select action: Skip
2011/02/27 18:06:54.0606 6036 Deinitialize success
 
Very good :)

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here are the logs. The MBRCheck does return an unknown MBR likely because this computer has both Win7 and Xubuntu Linux installed, with GRUB2 for the boot loader. I've been seriously thinking about getting rid of Xubuntu to free up it's HD space, but I haven't gotten around to restoring the original MBR to do that. I've done that before on another computer, but don't remember how I did it.

At any rate, here are the logs:
=================================================================

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: Insyde Corp.
System Manufacturer: TOSHIBA
System Product Name: Satellite L505D
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 186):
0x82E44000 \SystemRoot\system32\ntkrnlpa.exe
0x82E0D000 \SystemRoot\system32\halmacpi.dll
0x80B9D000 \SystemRoot\system32\kdcom.dll
0x8A827000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8A832000 \SystemRoot\system32\PSHED.dll
0x8A843000 \SystemRoot\system32\BOOTVID.dll
0x8A84B000 \SystemRoot\system32\CLFS.SYS
0x8A88D000 \SystemRoot\system32\CI.dll
0x8A938000 \SystemRoot\system32\drivers\klmdb.sys
0x8A94A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8A9BB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AA36000 \SystemRoot\System32\Drivers\spbq.sys
0x8AB29000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8AB32000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8AB58000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8ABA0000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8ABA8000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8ABB3000 \SystemRoot\system32\DRIVERS\pci.sys
0x8ABDD000 \SystemRoot\System32\drivers\partmgr.sys
0x8ABEE000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8AA00000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8AA0B000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8AC2A000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AC75000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8AC7C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8AC8A000 \SystemRoot\System32\drivers\mountmgr.sys
0x8ACA0000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8ACA9000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8ACCC000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8ACD6000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8ACDF000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AD13000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AE0D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AF3C000 \SystemRoot\System32\Drivers\msrpc.sys
0x8AF67000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AF7A000 \SystemRoot\System32\Drivers\cng.sys
0x8AFD7000 \SystemRoot\System32\drivers\pcw.sys
0x8AFE5000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8AD24000 \SystemRoot\system32\drivers\ndis.sys
0x8B008000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B046000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B06B000 \SystemRoot\System32\drivers\tcpip.sys
0x8B1B4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B20C000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B24B000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x8B250000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x8B297000 \SystemRoot\System32\Drivers\spldr.sys
0x8B29F000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B2CC000 \SystemRoot\System32\Drivers\mup.sys
0x8B2DC000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B2E4000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B316000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B327000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B34C000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8B387000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B3A6000 \SystemRoot\System32\Drivers\Null.SYS
0x8B3AD000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B3B4000 \SystemRoot\System32\drivers\vga.sys
0x8B3C0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B3E1000 \SystemRoot\System32\drivers\watchdog.sys
0x8B3EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B3F6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B200000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B1E5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B1F0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8ADDB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8AFEE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AE00000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8F213000 \SystemRoot\system32\drivers\afd.sys
0x8F26D000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8F272000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F2A4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8F2AB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F2CA000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8F2DB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F2E9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F2FC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F30C000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x8F31A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F35B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F365000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F36F000 \SystemRoot\System32\drivers\discache.sys
0x8F37B000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F393000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8F3A1000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8AC00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8F3E8000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x8F3EF000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x8F200000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x8F3F7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x9060B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x90B20000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9181F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91858000 \SystemRoot\system32\DRIVERS\RTL8187Se.sys
0x918B1000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x918F6000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x91900000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x9190A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91955000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91964000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91983000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9199B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x919A8000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x919DB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x919DD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9763C000 \SystemRoot\System32\Drivers\ac0mbc7c.SYS
0x97675000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x97682000 \SystemRoot\system32\drivers\PPJoyBus.sys
0x97686000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x97698000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x976B0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x976BB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x976DD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x976F5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9770C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x97723000 \SystemRoot\system32\DRIVERS\swenum.sys
0x97725000 \SystemRoot\system32\DRIVERS\ks.sys
0x97759000 \SystemRoot\system32\DRIVERS\umbus.sys
0x97767000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x977AB000 \SystemRoot\system32\drivers\PPortJoy.sys
0x977B3000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x977C6000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x977CD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x98231000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x984CD000 \SystemRoot\system32\drivers\portcls.sys
0x984FC000 \SystemRoot\system32\drivers\drmk.sys
0x98515000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x98670000 \SystemRoot\System32\win32k.sys
0x98520000 \SystemRoot\System32\drivers\Dxapi.sys
0x9852A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x98535000 \SystemRoot\system32\DRIVERS\monitor.sys
0x988D0000 \SystemRoot\System32\TSDDD.dll
0x98900000 \SystemRoot\System32\cdd.dll
0x98920000 \SystemRoot\System32\ATMFD.DLL
0x98540000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x98556000 \SystemRoot\System32\Drivers\crashdmp.sys
0x98563000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9856E000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x98578000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x98589000 \SystemRoot\system32\drivers\luafv.sys
0x985A4000 \??\C:\windows\system32\drivers\aswMonFlt.sys
0x985DB000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x985DE000 \SystemRoot\system32\drivers\WudfPf.sys
0x98200000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x99C0A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x99C50000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x99C60000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x99C73000 \SystemRoot\system32\drivers\HTTP.sys
0x99CF8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x99D11000 \SystemRoot\System32\drivers\mpsdrv.sys
0x99D23000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x99D46000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x99D81000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99DB4000 \SystemRoot\System32\Drivers\adfs.SYS
0xA6204000 \SystemRoot\system32\drivers\peauth.sys
0xA629B000 \??\C:\windows\system32\drivers\SECDRV.SYS
0xA62C3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA62E4000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA62F1000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA6340000 \SystemRoot\System32\DRIVERS\srv.sys
0x77500000 \Windows\System32\ntdll.dll
0x477B0000 \Windows\System32\smss.exe
0x77740000 \Windows\System32\apisetschema.dll
0x00CA0000 \Windows\System32\autochk.exe
0x77680000 \Windows\System32\rpcrt4.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
0x77640000 \Windows\System32\ws2_32.dll
0x77470000 \Windows\System32\oleaut32.dll
0x77370000 \Windows\System32\wininet.dll
0x77350000 \Windows\System32\sechost.dll
0x76700000 \Windows\System32\shell32.dll
0x766F0000 \Windows\System32\normaliz.dll
0x76620000 \Windows\System32\msctf.dll
0x765D0000 \Windows\System32\Wldap32.dll
0x765B0000 \Windows\System32\imm32.dll
0x764E0000 \Windows\System32\user32.dll
0x763A0000 \Windows\System32\urlmon.dll
0x76320000 \Windows\System32\comdlg32.dll
0x76280000 \Windows\System32\advapi32.dll
0x76270000 \Windows\System32\psapi.dll
0x76220000 \Windows\System32\gdi32.dll
0x761F0000 \Windows\System32\imagehlp.dll
0x75FF0000 \Windows\System32\iertutil.dll
0x75F50000 \Windows\System32\usp10.dll
0x75EC0000 \Windows\System32\clbcatq.dll
0x75D20000 \Windows\System32\setupapi.dll

Processes (total 77):
0 System Idle Process
4 System
376 C:\Windows\System32\smss.exe
508 csrss.exe
580 C:\Windows\System32\wininit.exe
592 csrss.exe
640 C:\Windows\System32\services.exe
656 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
728 C:\Windows\System32\winlogon.exe
808 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\atiesrxx.exe
1028 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\atieclxx.exe
1404 C:\Windows\System32\svchost.exe
1520 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1632 C:\Windows\System32\dwm.exe
1644 C:\Windows\explorer.exe
1984 C:\Windows\System32\spoolsv.exe
2032 C:\Windows\System32\taskhost.exe
2040 C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
248 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
388 C:\Windows\System32\svchost.exe
412 C:\Program Files\PowerISO\PWRISOVM.EXE
576 C:\Program Files\Eraser\Eraser.exe
424 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
776 C:\Program Files\Citrix\ICA Client\concentr.exe
1280 C:\Program Files\AGEIA Technologies\TrayIcon.exe
1340 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1432 C:\Program Files\Real\RealPlayer\Update\realsched.exe
1724 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2172 C:\Program Files\DAEMON Tools Lite\DTLite.exe
2224 C:\Program Files\Citrix\ICA Client\wfcrun32.exe
2376 C:\Program Files\Steam\steam.exe
2456 C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
2464 C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
2496 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2592 C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
2744 C:\Windows\System32\svchost.exe
2800 C:\Windows\System32\TODDSrv.exe
2888 C:\Windows\System32\taskeng.exe
2968 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
3136 C:\Program Files\TOSHIBA\TECO\TecoService.exe
3284 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3464 C:\Windows\System32\SearchIndexer.exe
3504 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3580 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3592 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3700 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2564 C:\Windows\System32\svchost.exe
2684 C:\Windows\System32\svchost.exe
4164 C:\Windows\System32\svchost.exe
4344 C:\Program Files\Windows Media Player\wmpnetwk.exe
5104 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
5256 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
5452 dllhost.exe
5604 C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
4868 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
1156 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
2716 C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
5792 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
5980 C:\Windows\System32\svchost.exe
4692 C:\Program Files\Internet Explorer\iexplore.exe
5872 C:\Program Files\Internet Explorer\iexplore.exe
4684 C:\Windows\System32\audiodg.exe
4968 C:\Windows\System32\taskhost.exe
1092 C:\Program Files\Internet Explorer\iexplore.exe
504 C:\Windows\System32\taskeng.exe
4924 C:\Windows\System32\SearchProtocolHost.exe
204 C:\Windows\System32\SearchFilterHost.exe
2884 C:\Users\primary\Desktop\MBRCheck.exe
3260 C:\Windows\System32\conhost.exe
5824 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3263GSX, Rev: FG020M

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F7ED2365FD5579D16F2315F1490304F53A8A30C6


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


=================================================================


ComboFix 11-02-27.01 - primary 02/27/2011 20:10:40.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1833 [GMT -6:00]
Running from: c:\users\primary\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2011-01-28 to 2011-02-28 )))))))))))))))))))))))))))))))
.

2011-02-28 02:20 . 2011-02-28 02:20 -------- d-----w- c:\users\primary\AppData\Local\temp
2011-02-28 02:20 . 2011-02-28 02:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-26 16:15 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E21BE66-4F9B-4583-B261-0ED923F477E3}\mpengine.dll
2011-02-24 09:00 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-24 01:36 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-24 01:36 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-21 20:12 . 2011-02-21 20:32 -------- d-----w- c:\users\Public\School Bus Maps
2011-02-15 04:24 . 2011-02-15 04:24 -------- d-----w- c:\users\primary\AppData\Roaming\Malwarebytes
2011-02-15 04:24 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 04:24 . 2011-02-15 04:24 -------- d-----w- c:\programdata\Malwarebytes
2011-02-15 04:24 . 2011-02-15 04:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-15 04:24 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-14 04:51 . 2011-02-14 04:54 -------- d-----w- c:\users\Public\EVE Online Files
2011-02-09 00:50 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-02-09 00:50 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-02-09 00:50 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-05 16:01 . 2011-02-05 16:01 -------- d-----w- C:\My Music
2011-01-30 20:57 . 2011-01-30 20:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 20:57 . 2011-01-30 20:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-28 00:08 . 2009-07-13 23:19 28240 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2011-02-02 23:11 . 2009-11-22 18:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-13 08:47 . 2010-12-16 01:54 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-11-23 12:52 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-11-23 12:52 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-11-23 12:52 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2009-11-23 12:52 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-11-23 12:52 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2009-11-23 12:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"Google Update"="c:\users\primary\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-08 135664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files\Steam\Steam.exe" [2010-12-02 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2009-12-15 976784]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-09-08 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-26 274608]

c:\users\primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AccuWeatherDesktop.lnk - c:\program files\AccuWeather\Desktop\AccuWeatherDesktop.exe [N/A]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-11-10 468272]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2009-08-12 54416]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2009-08-12 160272]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2009-08-12 160272]
R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDUWFLT.sys [2009-08-12 11920]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2009-08-12 113680]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-06 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-21 32408]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-11 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-10-24 28800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:09]

2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:09]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3825601106-2848115462-3809073124-1000Core.job
- c:\users\primary\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 02:41]

2011-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3825601106-2848115462-3809073124-1000UA.job
- c:\users\primary\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 02:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\primary\AppData\Roaming\Mozilla\Firefox\Profiles\uhgthp4f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nasa.gov/multimedia/imagegallery/iotd.html
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: OnlyWire: {e26ba8db-a646-a44e-997c-2fafeadb50f2} - %profile%\extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
SafeBoot-klmdb.sys
AddRemove-ENERGY project_is1 - c:\programs\Orbiter\unins002.exe
AddRemove-Fuel Service Stations_is1 - c:\programs\Orbiter\unins000.exe
AddRemove-Mir-2 space station_is1 - c:\programs\Orbiter\unins003.exe
AddRemove-Space Tankers_is1 - c:\programs\Orbiter\unins004.exe
AddRemove-Space Tugs_is1 - c:\programs\Orbiter\unins005.exe
AddRemove-Universal Cargo Deck_is1 - c:\programs\Orbiter\unins006.exe
AddRemove-Universal RMS_is1 - c:\programs\Orbiter\unins001.exe
AddRemove-Classic Wings Graf Zeppelin - c:\program files\Microsoft Games\Flight Simulator 9\Aircraft\Graf_Zeppelin\Uninstall Classic Wings Graf Zeppelin.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-27 20:23:49
ComboFix-quarantined-files.txt 2011-02-28 02:23

Pre-Run: 8,527,106,048 bytes free
Post-Run: 15,728,119,808 bytes free

- - End Of File - - 954A5431318287E773B29BBF26994968
 
Looks good :)

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL scan complete.

Computer doesn't seem to be running any different than it did before, but Avast! isn't popping up within a few minutes of booting up warning me about mssmbios.sys being infected, so I guess everything worked so far.

Here are the OTL logs:


=================================================================


OTL logfile created on: 2/27/2011 9:28:58 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\primary\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 242.17 Gb Total Space | 14.71 Gb Free Space | 6.08% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROADWARRIOR-PC | User Name: primary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/27 21:26:57 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\primary\Desktop\OTL.exe
PRC - [2011/01/13 02:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/26 11:21:54 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/12/01 21:41:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2010/05/19 14:53:46 | 000,468,272 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
PRC - [2010/04/01 03:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/31 00:19:18 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009/12/15 09:46:48 | 000,976,784 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2009/11/08 21:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/08/21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/17 11:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/11 17:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/03 19:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 19:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/30 00:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 00:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 16:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 16:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/09/29 11:48:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
PRC - [2006/09/08 08:01:50 | 000,339,968 | R--- | M] () -- C:\Program Files\AGEIA Technologies\TrayIcon.exe


========== Modules (SafeList) ==========

MOD - [2011/02/27 21:26:57 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\primary\Desktop\OTL.exe
MOD - [2011/01/13 02:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/12/26 11:22:15 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/10/15 22:34:37 | 000,573,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 19:15:39 | 001,163,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
MOD - [2009/07/13 19:09:14 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcint.dll
MOD - [2009/06/10 15:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
MOD - [2009/06/10 15:14:54 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/31 00:19:18 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/02/26 04:00:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/08 22:01:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/11 17:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/06 18:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/08/03 19:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 00:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 16:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/22 12:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/22 10:52:16 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/09/29 11:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 02:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 02:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 02:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 02:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 02:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/11 01:56:52 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/08 21:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/08/12 05:13:32 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2009/08/12 05:13:32 | 000,113,680 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2009/08/12 05:13:32 | 000,054,416 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2009/08/12 05:13:28 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2009/08/12 05:13:28 | 000,011,920 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWFLT.sys -- (PTDUWFLT)
DRV - [2009/08/05 20:04:04 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 13:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 16:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 16:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/07 09:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/19 20:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/05/05 01:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/08/22 10:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2007/06/02 14:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2004/10/24 07:11:00 | 000,028,800 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PPortJoy.sys -- (PPortJoystick)
DRV - [2004/10/24 07:11:00 | 000,013,952 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PPJoyBus.sys -- (PPJoyBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/26 11:22:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/26 11:22:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/26 21:42:00 | 000,000,000 | ---D | M]

[2010/05/01 19:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\primary\AppData\Roaming\Mozilla\Extensions
[2010/05/09 21:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\primary\AppData\Roaming\Mozilla\Firefox\Profiles\uhgthp4f.default\extensions
[2010/05/01 19:05:28 | 000,000,000 | ---D | M] (OnlyWire) -- C:\Users\primary\AppData\Roaming\Mozilla\Firefox\Profiles\uhgthp4f.default\extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2}
[2010/12/24 11:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/02/27 20:20:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AccuWeatherDesktop.lnk = File not found
O4 - Startup: C:\Users\primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/02/01 11:26:54 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2005/01/26 14:42:47 | 000,000,039 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.mjpg - C:\windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation)


========== Files/Folders - Created Within 30 Days ==========

[2011/02/27 21:26:48 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\primary\Desktop\OTL.exe
[2011/02/27 20:23:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/27 20:23:52 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/02/27 20:23:51 | 000,000,000 | ---D | C] -- C:\Users\primary\AppData\Local\temp
[2011/02/27 20:08:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/02/27 20:08:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/02/27 20:08:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/02/27 20:08:42 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/02/27 20:08:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/27 20:07:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/02/27 20:07:46 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/02/27 16:07:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\primary\Desktop\TFC.exe
[2011/02/26 21:41:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/02/21 11:09:14 | 001,372,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\primary\Desktop\TDSSKiller.exe
[2011/02/14 22:24:57 | 000,000,000 | ---D | C] -- C:\Users\primary\AppData\Roaming\Malwarebytes
[2011/02/14 22:24:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/02/14 22:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/14 22:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/14 22:24:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/02/14 22:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/05 10:01:48 | 000,000,000 | ---D | C] -- C:\My Music

========== Files - Modified Within 30 Days ==========

[2011/02/27 21:26:57 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\primary\Desktop\OTL.exe
[2011/02/27 21:00:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/27 20:45:15 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 20:45:15 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 20:43:26 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/02/27 20:43:26 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/02/27 20:40:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3825601106-2848115462-3809073124-1000UA.job
[2011/02/27 20:37:58 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/27 20:37:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/02/27 20:37:34 | 2211,577,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/27 20:20:18 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/02/27 20:02:43 | 004,276,140 | R--- | M] () -- C:\Users\primary\Desktop\ComboFix.exe
[2011/02/27 20:00:36 | 000,080,384 | ---- | M] () -- C:\Users\primary\Desktop\MBRCheck.exe
[2011/02/27 18:05:10 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\primary\Desktop\TDSSKiller.exe
[2011/02/27 16:08:23 | 000,624,128 | ---- | M] () -- C:\Users\primary\Desktop\dds.scr
[2011/02/27 16:07:46 | 000,296,448 | ---- | M] () -- C:\Users\primary\Desktop\0jdpc0gp.exe
[2011/02/27 16:07:23 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\primary\Desktop\TFC.exe
[2011/02/27 00:40:00 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3825601106-2848115462-3809073124-1000Core.job
[2011/02/26 21:42:01 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/02/17 19:36:15 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011/02/09 17:04:51 | 002,365,400 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/02/27 20:08:48 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/02/27 20:08:48 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/02/27 20:08:48 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/02/27 20:08:48 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/02/27 20:08:48 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/02/27 20:02:37 | 004,276,140 | R--- | C] () -- C:\Users\primary\Desktop\ComboFix.exe
[2011/02/27 20:00:33 | 000,080,384 | ---- | C] () -- C:\Users\primary\Desktop\MBRCheck.exe
[2011/02/27 16:08:07 | 000,624,128 | ---- | C] () -- C:\Users\primary\Desktop\dds.scr
[2011/02/27 16:07:43 | 000,296,448 | ---- | C] () -- C:\Users\primary\Desktop\0jdpc0gp.exe
[2010/11/03 19:37:24 | 000,002,425 | ---- | C] () -- C:\windows\cdplayer.ini
[2010/06/03 09:56:56 | 000,000,082 | ---- | C] () -- C:\windows\SimViewJr.ini
[2010/06/03 09:53:16 | 000,180,224 | ---- | C] () -- C:\windows\System32\mrvtcl.dll
[2010/06/03 09:52:17 | 000,001,287 | ---- | C] () -- C:\windows\SimView.ini
[2010/06/03 09:52:17 | 000,000,057 | ---- | C] () -- C:\windows\Jeppesen.ini
[2010/05/08 18:04:38 | 000,000,693 | ---- | C] () -- C:\Users\primary\AppData\Roaming\DriveCalculator Preferences
[2010/05/01 19:03:13 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/03/22 23:37:39 | 000,000,061 | -HS- | C] () -- C:\windows\cnerolf.dat
[2010/03/06 21:39:48 | 000,000,666 | ---- | C] () -- C:\Users\primary\AppData\Roaming\wklnhst.dat
[2010/03/02 17:15:02 | 000,000,050 | ---- | C] () -- C:\windows\MegaManager.INI
[2009/12/18 23:15:14 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe
[2009/12/07 16:30:43 | 000,010,240 | ---- | C] () -- C:\windows\System32\vidx16.dll
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/11/22 17:50:20 | 000,000,083 | ---- | C] () -- C:\Users\primary\AppData\Local\X-Plane Installer.prf
[2009/11/22 11:59:01 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2009/10/29 00:27:27 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/10/29 00:06:00 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2009/10/29 00:06:00 | 000,000,176 | ---- | C] () -- C:\windows\System32\drivers\RTHDAEQ0.dat
[2009/10/28 23:57:31 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/09/01 23:22:18 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:33:53 | 002,365,400 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,624,178 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,106,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\windows\System32\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\windows\System32\ma32.dll
[2006/09/28 13:55:34 | 000,053,248 | ---- | C] () -- C:\windows\System32\PhysXLoader.dll
[2006/09/26 13:01:40 | 000,045,056 | R--- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2003/05/01 12:44:34 | 000,040,960 | ---- | C] () -- C:\windows\System32\GaugeSound.dll

========== LOP Check ==========

[2010/11/06 18:49:37 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\Amazon
[2010/06/02 13:08:11 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\BitTorrent
[2010/05/11 02:07:44 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\DAEMON Tools Lite
[2009/11/24 08:32:11 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\DeLorme
[2010/12/16 22:18:20 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\DVDVideoSoft
[2010/08/29 11:43:06 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\EVEMon
[2010/05/02 12:13:07 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\FileZilla
[2010/02/07 14:18:43 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\ICAClient
[2010/04/03 16:08:43 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\KompoZer
[2010/04/14 15:33:27 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\LEGO Company
[2010/07/02 10:00:10 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\MyScribe
[2009/12/07 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\Opera
[2009/11/26 14:00:07 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\Stardock
[2010/04/04 23:49:15 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\Summitsoft
[2010/03/07 12:56:33 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\Template
[2010/03/01 16:58:30 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\TOSHIBA
[2010/05/20 20:08:50 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\UnitConverter
[2010/06/05 01:53:39 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\VAT-Spy
[2010/07/14 19:04:00 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\webex
[2009/11/22 12:05:05 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\WildTangent
[2009/11/22 11:58:40 | 000,000,000 | ---D | M] -- C:\Users\primary\AppData\Roaming\WinBatch
[2011/02/26 10:11:49 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 15:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/09/02 15:47:32 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/02/27 20:23:50 | 000,014,932 | ---- | M] () -- C:\ComboFix.txt
[2010/05/11 11:35:19 | 000,000,010 | RHS- | M] () -- C:\config.sys
[2009/10/14 07:02:32 | 000,360,056 | ---- | M] () -- C:\connectify_splash.bmp
[2011/02/27 20:37:34 | 2211,577,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/19 23:08:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/20 16:13:20 | 000,000,106 | ---- | M] () -- C:\Lab7_Ex1_test.txt
[2010/04/13 21:43:07 | 000,000,000 | ---- | M] () -- C:\mindrov.log
[2010/03/23 11:52:01 | 000,000,273 | ---- | M] () -- C:\Movies and Verizon Contact.txt
[2010/02/19 23:08:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/02/27 20:37:41 | 2948,771,840 | -HS- | M] () -- C:\pagefile.sys
[2011/02/27 18:06:54 | 000,070,014 | ---- | M] () -- C:\TDSSKiller.2.4.18.0_27.02.2011_18.05.48_log.txt
[2010/02/20 15:12:57 | 000,000,050 | ---- | M] () -- C:\TestCount.txt

< %systemroot%\Fonts\*.com >
[2009/07/13 22:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 19:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 19:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/01/13 02:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 22:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/22 12:30:28 | 000,000,221 | -HS- | M] () -- C:\Users\primary\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/02/27 16:07:46 | 000,296,448 | ---- | M] () -- C:\Users\primary\Desktop\0jdpc0gp.exe
[2011/02/27 20:02:43 | 004,276,140 | R--- | M] () -- C:\Users\primary\Desktop\ComboFix.exe
[2011/02/27 20:00:36 | 000,080,384 | ---- | M] () -- C:\Users\primary\Desktop\MBRCheck.exe
[2011/02/27 21:26:57 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\primary\Desktop\OTL.exe
[2010/03/30 23:13:53 | 003,649,108 | ---- | M] (web technology Corp.
http://www.webtech.co.jp/) -- C:\Users\primary\Desktop\pepakura_designer_en_v212_setup.exe
[2011/02/27 18:05:10 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\primary\Desktop\TDSSKiller.exe
[2011/02/27 16:07:23 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\primary\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/04 21:10:47 | 000,000,402 | -HS- | M] () -- C:\Users\primary\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[1998/09/02 02:46:12 | 000,075,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:EA029835
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5

< End of report >
 
Here is the OTL Extras log:


OTL Extras logfile created on: 2/27/2011 9:28:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\primary\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 242.17 Gb Total Space | 14.71 Gb Free Space | 6.08% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROADWARRIOR-PC | User Name: primary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01177045-F0E3-4418-89B8-2EAA5707758C}" = Visual Studio Express Editions Registration Benefits Overview
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{04179174-F3AC-4CE6-BBBE-83B46D5041CB}" = SocialBot
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3F9FB449-93DB-4C47-BB5B-7334C4D1736E}" = SD Formatter
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61812F6F-0705-4B20-B914-32C1E3C155C7}" = SimCharts 3.0
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABA3523-4F11-4787-8839-C249BBF0B8D1}" = Rosetta Stone 2.2.0.0A
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{746773A4-9989-49E1-A409-A9B901D207FD}" = Armstrong Whitworth Ensign for FS2004
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{AEB95804-A937-49E6-940A-37A606C16D5D}" = DeLorme Street Atlas USA 2009 Plus
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B4CACC9F-8367-4956-A10E-5E1A7559ED2E}" = VZAccess Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC14E9A8-E41F-4345-BAB3-2EC6CC315085}" = Eraser 6.0.6.1376
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D12CD09C-BFEE-4B6F-A7F7-054AEA2E369C}" = Network Recording Player
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK Wireless LAN Driver
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DF6605-BE14-4F81-93B5-AC25CFA5EBFD}" = inSSIDer
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"7-Zip" = 7-Zip 4.65
"Active Camera 2004 2.1 for FS 2004 (updated to 9.1)" = Active Camera 2004 2.1 for FS 2004 (updated to 9.1)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"avast5" = avast! Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Big Rig Europe" = Big Rig Europe
"BitTorrent" = BitTorrent
"Check Version Utility_is1" = Check Version Ver 1.0.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combat Flight Simulator 3.0" = Microsoft Combat Flight Simulator 3.1
"Condor: The Competition Soaring Simulator" = Condor: The Competition Soaring Simulator 1.0.4
"Crimson Skies 1.0" = Microsoft Crimson Skies
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"EVE" = EVE Online (remove only)
"EVEMon" = EVEMon
"Ewisoft Website Builder (include eCommerce Builder)_is1" = Ewisoft Website Builder (include eCommerce Builder) Version 5
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"FileZilla Client" = FileZilla Client 3.3.1
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"FMS" = FMS
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.18
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Glacier Bay v2a_is1" = Glacier Bay v2a
"Glacier Bay v2b_is1" = Glacier Bay v2b
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Impulse" = Impulse
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{6ABA3523-4F11-4787-8839-C249BBF0B8D1}" = Rosetta Stone 2.2.0.0A
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Logo Design Studio Pro 3.5.0" = Logo Design Studio Pro
"Logo Design Studio The Big Concept Expansion Pack 1.0" = Logo Design Studio The Big Concept Expansion Pack
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MyScribe" = MyScribe
"Niche Research Commando_is1" = Niche Research Commando Ver 3.0.2
"NifSkope" = NifSkope (remove only)
"OFF Essential Multiplayer Files Autoinstaller_is1" = OFF MP Essential Files
"OFF_P3_is1" = Over Flanders Fields - Between Heaven and Hell - Update To V1.3
"Parallel Port Joystick" = Parallel Port Joystick
"PeerGuardian_is1" = PeerGuardian 2.0
"pepakura_designer2_en" = Pepakura Designer2
"PowerISO" = PowerISO
"QuickPar" = QuickPar 0.9
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"Shotstone" = Shotstone
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Diplomacy" = Sins of a Solar Empire - Diplomacy
"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
"SmartPropoPlus" = SmartPropoPlus
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"SquawkBox" = SquawkBox
"Steam App 24010" = RailWorks
"Steam App 8930" = Sid Meier's Civilization V
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VATSpy" = VAT-Spy
"VLC media player" = VLC media player 1.1.4
"VRC" = VRC
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Classic Wings Hindenburg Zeppelin" = Classic Wings Hindenburg Zeppelin
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 5/10/2010 1:19:06 AM | Computer Name = Roadwarrior-PC | Source = avast! | ID = 33554522
Description =

Error - 5/11/2010 8:46:04 PM | Computer Name = Roadwarrior-PC | Source = avast! | ID = 33554522
Description =

Error - 5/11/2010 9:03:22 PM | Computer Name = Roadwarrior-PC | Source = avast! | ID = 33554522
Description =

Error - 5/12/2010 12:19:41 AM | Computer Name = Roadwarrior-PC | Source = avast! | ID = 33554522
Description =

Error - 5/12/2010 12:21:26 AM | Computer Name = Roadwarrior-PC | Source = avast! | ID = 33554522
Description =

Error - 5/12/2010 4:47:52 AM | Computer Name = Roadwarrior-PC | Source = avast! | ID = 33554522
Description =

Error - 6/6/2010 2:48:08 AM | Computer Name = Roadwarrior-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 11/6/2010 8:05:10 PM | Computer Name = Roadwarrior-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/6/2010 8:05:10 PM | Computer Name = Roadwarrior-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/6/2010 8:17:11 PM | Computer Name = Roadwarrior-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/6/2010 8:17:11 PM | Computer Name = Roadwarrior-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/6/2010 9:17:14 PM | Computer Name = Roadwarrior-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/6/2010 9:17:14 PM | Computer Name = Roadwarrior-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/6/2010 9:17:14 PM | Computer Name = Roadwarrior-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/6/2010 9:17:14 PM | Computer Name = Roadwarrior-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/6/2010 9:17:14 PM | Computer Name = Roadwarrior-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/6/2010 9:17:14 PM | Computer Name = Roadwarrior-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 6/8/2010 4:08:29 PM | Computer Name = Roadwarrior-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 6/9/2010 12:02:22 AM | Computer Name = Roadwarrior-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 6/9/2010 1:49:37 PM | Computer Name = Roadwarrior-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 6/9/2010 1:49:37 PM | Computer Name = Roadwarrior-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 6/10/2010 12:24:16 AM | Computer Name = Roadwarrior-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 6/10/2010 12:17:29 PM | Computer Name = Roadwarrior-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 6/10/2010 12:23:02 PM | Computer Name = Roadwarrior-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 6/10/2010 12:23:02 PM | Computer Name = Roadwarrior-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 6/10/2010 12:27:00 PM | Computer Name = Roadwarrior-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 6/10/2010 12:27:00 PM | Computer Name = Roadwarrior-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >
 
Good news :)

Please, don't wrap logs in quotes. Thanks.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O4 - Startup: C:\Users\primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AccuWeatherDesktop.lnk = File not found
    O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:EA029835
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Okay, sorry 'bout the quotes thing. I'll get those scans done and try to get the logs posted tonight. I'm gonna have to go to bed shortly though for work. May have to finish this tomorrow evening.

Thanks for the help so far, by the way :grinthumb
 
Here's the latest OTL log. Now running the other scans and I'll post them when they are done.

=================================================================


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
C:\Users\primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AccuWeatherDesktop.lnk moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhap-app-4-0\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhapreg\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\ProgramData\TEMP:EA029835 deleted successfully.
ADS C:\ProgramData\TEMP:D74B6CF5 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: primary
->Temp folder emptied: 677660 bytes
->Temporary Internet Files folder emptied: 33076725 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1095 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 844 bytes
RecycleBin emptied: 716889 bytes

Total Files Cleaned = 33.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: primary
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 02272011_225822

Files\Folders moved on Reboot...
File\Folder C:\Users\primary\AppData\Local\Temp\~DF55B773B6426E4C42.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DF7A254586F7508474.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DF7FF71417B6BA609F.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DF9D51917C6793EF98.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DFD6137362F37B8148.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DFF562451C547839D5.TMP not found!
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0KSV5RU\sh32[2].html moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LULFQ18\crosspixel-dest[1].htm moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6VXQB9YT\8242921[1].htm moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6VXQB9YT\topic161791[2].html moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Security Check Log:
=================================================================


Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.2
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````


=================================================================


ESTScan:
=================================================================

C:\ProgramData\Alwil Software\Avast5\arpot\87223-7a0-0.dat Win32/Olmarik.ZC trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinFraudLoadedt.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Alwil Software\Avast5\arpot\87223-7a0-0.dat Win32/Olmarik.ZC trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinFraudLoadedt.zip Win32/Bagle.gen.zip worm
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\ProgramData\Alwil Software\Avast5\arpot\87223-7a0-0.dat 
    C:\ProgramData\Spybot - Search & Destroy\Recovery\WinFraudLoadedt.zip 
    C:\Users\All Users\Alwil Software\Avast5\arpot\87223-7a0-0.dat 
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinFraudLoadedt.zip
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
Last OTL log. Now I'm doing the final cleanup with OTL.


=================================================================



All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. C:\ProgramData\Alwil Software\Avast5\arpot\87223-7a0-0.dat scheduled to be moved on reboot.
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinFraudLoadedt.zip moved successfully.
File move failed. C:\Users\All Users\Alwil Software\Avast5\arpot\87223-7a0-0.dat scheduled to be moved on reboot.
File\Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinFraudLoadedt.zip not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: primary
->Temp folder emptied: 344700 bytes
->Temporary Internet Files folder emptied: 21234514 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 611 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5746 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 21.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: primary
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 02282011_210448

Files\Folders moved on Reboot...
File move failed. C:\ProgramData\Alwil Software\Avast5\arpot\87223-7a0-0.dat scheduled to be moved on reboot.
File move failed. C:\Users\All Users\Alwil Software\Avast5\arpot\87223-7a0-0.dat scheduled to be moved on reboot.
File\Folder C:\Users\primary\AppData\Local\Temp\~DF3EFCC245613B0CAE.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DF504BBA99359212BE.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DF82179952D379575F.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DF939A8B9F87DB27E4.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DFC30087817F3F150D.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DFEEC7A4A0AF8AE1D3.TMP not found!
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KN1QIN4O\crosspixel-dest[1].htm moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KN1QIN4O\mail[1].htm moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KN1QIN4O\mail[2].htm moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C58FPKPZ\mail[1].htm moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C58FPKPZ\topic161791[1].html moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\90Q9CYFI\3435013[1].htm moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\90Q9CYFI\mail[1].htm moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NT6K7KM\mail[1].htm moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NT6K7KM\sh32[1].html moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


=======================================================================
Here is the last OTL log, requested to remove the restore points.
=======================================================================


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: primary
->Temp folder emptied: 329691 bytes
->Temporary Internet Files folder emptied: 3921314 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: primary
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.2 log created on 02282011_211248

Files\Folders moved on Reboot...
File\Folder C:\Users\primary\AppData\Local\Temp\~DF0831531AEFBA2755.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DF37CB235C206C9F13.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DF7FBBD97448A261B6.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DFE24BCA67F690F361.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DFE8679D24AABE1852.TMP not found!
File\Folder C:\Users\primary\AppData\Local\Temp\~DFF5CB56286A7E226A.TMP not found!
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDU4EGW\crosspixel-dest[1].htm moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5BZS7KGX\topic161791[1].html moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1G7MFHCN\5307347[1].htm moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1G7MFHCN\sh32[1].html moved successfully.
C:\Users\primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Sorry, was busy helping my brother with some late school work.

Computer seems to be running great. Avast! hasn't alerted me to any threats and even my Google redirects problem seems to have been fixed. Computer doesn't seem to run any faster or more stable, but then it never had problems in those areas anyway. I did notice we cleared up a full 9 gigs of space on the HD, which was great.
 
Status
Not open for further replies.
Back