Author Topic: [Resolved] Malware/Spyware Major problem, can't solve it or don't know what

Offline vivianaivett

  • Bronze Member
  • Posts: 32
 :t  I finished my list.  Can I go to sleep now and you let me know tomorrow, the bad and the good news?  Or do you need me to wait for you?  I will wait for your answer now.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2153
Hi Vivian

Good night.  You will have some more instructions in the morning.
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2153
Hi Vivian

Found quite a bit of malware on your PC but not convinced that I have found the source yet.

1. Please go to start/control panel/add or remove programs and completely uninstall the following programs:
MarketResearch
Toolbox

2.  Click on the following link and download AVG to your desktop AVG.

Double-click on the downloaded file to run it.

AVG will present you with three options to choose from. Choose the Uninstall option to completely uninstall AVG.

3.  Double click on the OTL icon to run it again (Vista and Windows 7 users right click and select Run as Administrator). Make sure all other windows are closed and let it run uninterrupted.

4.  In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".  On the upper right be sure Use Company-Name WhiteList and Skip Microsoft Files are checked.  Copy the code in the code box below and paste it into the Custom Scan box.

Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012/01/22 22:22:11 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Local\{6F453F86-B14A-4535-9A15-04142AA33D75}
[2012/01/22 22:21:50 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Local\{3824C732-24A6-4A1C-A1B9-F7C281C8E54B}
[2012/01/22 15:05:36 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Local\{63E21A07-9EB8-4FFB-972C-24A85A2A1146}
[2012/01/21 19:32:51 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Local\{25D83904-58EF-4E97-ADFE-24163CF676EA}
[2012/01/20 15:08:03 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Local\{5E0238D0-4519-4B0C-A8C6-DCFC5543E0B3}
[2012/01/20 15:07:46 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Local\{31187927-52BE-4875-8118-696C19E4001D}
[2012/01/19 21:43:53 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Roaming\DriverCure
[2012/01/19 21:43:52 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Roaming\PC Unleashed Online
[2012/01/19 19:13:05 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Local\{AFE894DD-13DA-4A06-997A-1F59C5AA14ED}
[2012/01/19 19:12:37 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Local\{B120FD7F-86BF-4D6C-8CAA-32D13106D5F9}
[2012/01/18 17:33:37 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Local\{2BE05D30-6689-425B-B643-D6395882F55F}
[2012/01/18 17:33:17 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Local\{4AA102CF-2DDD-4890-B21A-89DF348405CC}
[2012/01/17 18:31:59 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Local\{A4C335E4-8820-490F-BBC4-135103C017F5}
[2012/01/17 18:31:29 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Local\{23B54E61-877B-4EFA-B1C6-B20B5248BAAF}
[2012/01/17 17:10:14 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Roaming\FixCleaner
[2012/01/17 17:00:58 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Roaming\Systweak
[2012/01/17 17:00:42 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\System32\roboot.exe
[2012/01/17 15:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/01/07 21:21:52 | 000,000,000 | ---D | C] -- C:\Users\Ivett\AppData\Roaming\Uniblue
[2012/01/07 21:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/01/06 18:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/01/17 14:22:12 | 000,007,487 | ---- | M] () -- C:\Users\Ivett\AppData\Local\2f20ea83
[2012/01/17 14:22:12 | 000,007,447 | ---- | M] () -- C:\Users\Ivett\AppData\Roaming\b72811bc
[2012/01/17 14:22:12 | 000,007,436 | ---- | M] () -- C:\ProgramData\c5c43587
C:\windows\tasks\TuneUpMedic_scan_schedule_task_d42c7482-20ae-4a7c-8fde-4d6aeb8e2ca4.job
[2011/11/28 15:05:39 | 000,020,312 | ---- | C] () -- C:\windows\System32\RegistryDefragBootTime.exe
[2011/06/20 16:42:38 | 000,009,818 | -HS- | C] () -- C:\Users\Ivett\AppData\Local\8sje7w155ff6j8864w0ec26634t8ymo2khv
[2011/06/20 16:42:38 | 000,009,818 | -HS- | C] () -- C:\ProgramData\8sje7w155ff6j8864w0ec26634t8ymo2khv
[2011/06/18 11:48:25 | 000,010,862 | -HS- | C] () -- C:\Users\Ivett\AppData\Local\fbqvkjri7s8e0w8k8uvp2lyp08j
[2011/06/18 11:48:25 | 000,010,862 | -HS- | C] () -- C:\ProgramData\fbqvkjri7s8e0w8k8uvp2lyp08j
[2012/01/17 16:12:04 | 000,000,000 | ---D | M] -- C:\Users\Ivett\AppData\Roaming\AVG
[2010/12/27 16:08:36 | 000,000,000 | ---D | M] -- C:\Users\Ivett\AppData\Roaming\AVG10
[2011/06/18 20:00:41 | 000,000,000 | ---D | M] -- C:\Users\Ivett\AppData\Roaming\Catalina Marketing Corp
[2012/01/19 21:43:53 | 000,000,000 | ---D | M] -- C:\Users\Ivett\AppData\Roaming\DriverCure
[2012/01/17 17:12:41 | 000,000,000 | ---D | M] -- C:\Users\Ivett\AppData\Roaming\FixCleaner
[2011/11/28 14:41:35 | 000,000,000 | ---D | M] -- C:\Users\Ivett\AppData\Roaming\IObit
[2012/01/19 21:43:52 | 000,000,000 | ---D | M] -- C:\Users\Ivett\AppData\Roaming\PC Unleashed Online
[2011/06/20 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\Ivett\AppData\Roaming\Sammsoft
[2011/06/18 20:45:39 | 000,000,000 | ---D | M] -- C:\Users\Ivett\AppData\Roaming\spotmau
[2012/01/18 22:09:09 | 000,000,000 | ---D | M] -- C:\Users\Ivett\AppData\Roaming\Systweak
[2012/01/07 21:21:52 | 000,000,000 | ---D | M] -- C:\Users\Ivett\AppData\Roaming\Uniblue
[2012/01/16 14:08:42 | 000,000,312 | ---- | M] () -- C:\windows\Tasks\TuneUpMedic_scan_schedule_task_d42c7482-20ae-4a7c-8fde-4d6aeb8e2ca4.job
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2



:FILES

:Commands
 [REBOOT]



5.  Click on the Run Fix button.  The fix log is saved on your C: drive under OTL\Moved Files as date-some number.log.  Reboot your PC.

6.  Now click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.  When the scan completes, it will open two notepad windows.  OTL.Txt.  These are saved in the same location as OTL.

Please read carefully and follow these steps:

7.  Download TDSSKiller and save it to your Desktop.   

8.  Double-click on TDSSKiller.exe to run the application. Now click Start Scan.

9.  Click on Change parameters and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

10.  If an infected file is detected, the default action will be Cure, click on Continue.  If a suspicious file is detected, the default action will be Skip, click on Continue.

Click on Reboot Now if you are asked to reboot the computer.

11.  If reboot is NOT required, click on Report.   Please copy that file.  If a reboot IS required, the report can also be found in your root directory (usually C:\ folder).   Its file name will take the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy that file.


As always please check to be sure Word Wrap is NOT turned on in any Notepad files you post and please be sure to check that all the data you entered was posted.  If not, use multiple posts.

Now please post the following to me as a reply to this post:
OTL Fix Log
OTL.txt
TDSSKiller  log
Let me know how your computer and browser are operating
If you have any questions or problems, let me know that as well



Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte
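
One way a helper could triage the TDSSKiller log requested in step 11, shown as an added example that is not part of the original post and not the tool's own code. It assumes the line layout of a TDSSKiller 2.7.6.0 log (timestamp, thread id, then either `name (md5) path`, `name - ok` or `name - detected <verdict> (n)`); the driver names and hashes in the sample are constructed. Objects with no verdict line are listed separately, since they indicate a log that was cut off when posted.

```python
import re

# Every log line starts with "HH:MM:SS.ffff <thread id>" followed by the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "name (md5) path" announces an object that is about to be checked.
OBJECT = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "name - ok" or "name - detected Verdict (n)" closes the check for that object.
VERDICT = re.compile(
    r"^(?P<name>\S+)\s+-\s+(?:ok|detected\s+(?P<threat>\S+)\s+\(\d+\))$"
)

# Constructed sample: one clean driver, one unsigned driver, and a final
# object whose verdict line is missing (log truncated while posting).
SAMPLE_LOG = r"""
19:40:33.0601 3408   ============================================================
19:40:33.0601 3408   Scan started
19:40:33.0601 3408   Mode: Manual; SigCheck; TDLFS;
19:40:34.0193 3408   gooddrv         (00000000000000000000000000000001) C:\windows\system32\drivers\gooddrv.sys
19:40:34.0287 3408   gooddrv - ok
19:40:41.0588 3408   olddrv          (00000000000000000000000000000002) C:\windows\system32\drivers\olddrv.sys
19:40:41.0619 3408   olddrv ( UnsignedFile.Multi.Generic ) - warning
19:40:41.0619 3408   olddrv - detected UnsignedFile.Multi.Generic (1)
19:41:04.0317 3408   lastdrv         (00000000000000000000000000000003) C:\windows\system32\drivers\lastdrv.sys
"""


def triage(log_text):
    """Summarise a TDSSKiller scan log.

    Returns a dict with the number of scanned objects, the number reported
    ok, a list of detections (name, threat, md5, path) and the names of
    objects that never received a verdict line.
    """
    objects = {}   # name -> {"md5": ..., "path": ...}, in log order
    verdicts = {}  # name -> "ok" or the reported verdict string

    for raw in log_text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue  # blank lines or anything without the timestamp prefix
        body = line.group("body").strip()

        obj = OBJECT.match(body)
        if obj:
            objects[obj.group("name")] = {
                "md5": obj.group("md5").lower(),
                "path": obj.group("path").strip(),
            }
            continue

        ver = VERDICT.match(body)
        # Only accept verdicts for objects we saw announced; this skips
        # header lines that happen to contain " - ".
        if ver and ver.group("name") in objects:
            verdicts[ver.group("name")] = ver.group("threat") or "ok"

    detections = [
        {"name": name, "threat": verdicts[name], **info}
        for name, info in objects.items()
        if verdicts.get(name, "ok") != "ok"
    ]
    no_verdict = [name for name in objects if name not in verdicts]

    return {
        "scanned": len(objects),
        "ok": sum(1 for v in verdicts.values() if v == "ok"),
        "detections": detections,
        "no_verdict": no_verdict,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("scanned:", result["scanned"], "ok:", result["ok"])
    for d in result["detections"]:
        print("REVIEW", d["name"], d["threat"], d["md5"], d["path"])
    for name in result["no_verdict"]:
        print("NO VERDICT (log may be truncated):", name)
```
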

Offline vivianaivett

  • Bronze Member
  • Posts: 32
Sorry about not responding.  I went to sleep and then work and I just got home.  I could not find any program on the uninstalled with those names but I did find some files that have that info in them but it won't let me uninstall them.

I am going to start working with the rest now.

 :ty so much for all your work.

Offline vivianaivett

  • Bronze Member
  • Posts: 32
AVG took me to a web site which took me to another that I finally found free, but it took me to a free 30 days trial and I saved it to my desktop and I double-clicked and it did not give me any options but started to uninstall previous old files, and then it told me at the bottom to accept or decline the terms and I declined and got out of it.  I don't know if this is ok or if I need to redo this again.  Sorry.

Offline vivianaivett

  • Bronze Member
  • Posts: 32
Now please post the following to me as a reply to this post:
OTL Fix Log
OTL.txt
TDSSKiller  log

I finished my list and I want to check if you want me to post the report from TDSSKiller logs and OTL?  I don't want to do it if you don't want me to.




Offline vivianaivett

  • Bronze Member
  • Posts: 32
19:37:16.0946 2184   TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
19:37:17.0227 2184   ============================================================
19:37:17.0227 2184   Current date / time: 2012/01/23 19:37:17.0227
19:37:17.0227 2184   SystemInfo:
19:37:17.0227 2184   
19:37:17.0227 2184   OS Version: 6.1.7601 ServicePack: 1.0
19:37:17.0227 2184   Product type: Workstation
19:37:17.0227 2184   ComputerName: IVETT-PC
19:37:17.0227 2184   UserName: Ivett
19:37:17.0227 2184   Windows directory: C:\windows
19:37:17.0227 2184   System windows directory: C:\windows
19:37:17.0227 2184   Processor architecture: Intel x86
19:37:17.0227 2184   Number of processors: 1
19:37:17.0227 2184   Page size: 0x1000
19:37:17.0227 2184   Boot type: Normal boot
19:37:17.0227 2184   ============================================================
19:37:19.0380 2184   Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:37:19.0427 2184   Initialize success
19:40:33.0601 3408   ============================================================
19:40:33.0601 3408   Scan started
19:40:33.0601 3408   Mode: Manual; SigCheck; TDLFS;
19:40:33.0601 3408   ============================================================
19:40:41.0588 3408   BVRPMPR5        (248dfa5762dde38dfddbbd44149e9d7a) C:\windows\system32\drivers\BVRPMPR5.SYS
19:40:41.0619 3408   BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
19:40:41.0619 3408   BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
19:41:04.0348 3408   pcw - ok
19:41:04.0489 3408   PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
19:41:04.0536 3408   PEAUTH - ok
19:41:04.0754 3408   PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
19:41:04.0832 3408   PptpMiniport - ok
19:41:04.0957 3408   Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
19:41:05.0019 3408   Processor - ok
19:41:05.0160 3408   Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
19:41:05.0238 3408   Psched - ok
19:41:05.0409 3408   ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
19:41:05.0456 3408   ql2300 - ok
19:41:05.0596 3408   ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
19:41:05.0612 3408   ql40xx - ok
19:41:05.0752 3408   QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
19:41:05.0784 3408   QWAVEdrv - ok
19:41:05.0908 3408   RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
19:41:05.0986 3408   RasAcd - ok
19:41:06.0174 3408   RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
19:41:06.0252 3408   RasAgileVpn - ok
19:41:06.0392 3408   Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
19:41:06.0470 3408   Rasl2tp - ok
19:41:06.0626 3408   RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
19:41:06.0673 3408   RasPppoe - ok
19:41:06.0829 3408   RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
19:41:06.0891 3408   RasSstp - ok
19:41:07.0047 3408   rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
19:41:07.0094 3408   rdbss - ok
19:41:07.0219 3408   rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
19:41:07.0250 3408   rdpbus - ok
19:41:07.0375 3408   RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
19:41:07.0437 3408   RDPCDD - ok
19:41:07.0562 3408   RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
19:41:07.0609 3408   RDPENCDD - ok
19:41:07.0749 3408   RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
19:41:07.0796 3408   RDPREFMP - ok
19:41:07.0936 3408   RDPWD           (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
19:41:07.0999 3408   RDPWD - ok
19:41:08.0139 3408   rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
19:41:08.0170 3408   rdyboost - ok
19:41:08.0326 3408   RimUsb          (0f6756ef8bda6dfa7be50465c83132bb) C:\windows\system32\Drivers\RimUsb.sys
19:41:08.0404 3408   RimUsb - ok
19:41:08.0560 3408   rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
19:41:08.0623 3408   rspndr - ok
19:41:08.0716 3408   RSUSBSTOR - ok
19:41:08.0857 3408   RTL8167         (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys
19:41:08.0935 3408   RTL8167 - ok
19:41:09.0075 3408   RTL8187Se       (e48daf453d773a89a44134ce4ba9af44) C:\windows\system32\DRIVERS\RTL8187Se.sys
19:41:09.0169 3408   RTL8187Se - ok
19:41:09.0262 3408   RtsUIR - ok
19:41:09.0403 3408   sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
19:41:09.0418 3408   sbp2port - ok
19:41:09.0559 3408   scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
19:41:09.0606 3408   scfilter - ok
19:41:09.0762 3408   secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
19:41:09.0824 3408   secdrv - ok
19:41:09.0996 3408   Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
19:41:10.0027 3408   Serenum - ok
19:41:10.0152 3408   Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
19:41:10.0183 3408   Serial - ok
19:41:10.0339 3408   sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
19:41:10.0386 3408   sermouse - ok
19:41:10.0526 3408   sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
19:41:10.0651 3408   sffdisk - ok
19:41:10.0838 3408   sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
19:41:10.0854 3408   sffp_mmc - ok
19:41:10.0978 3408   sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
19:41:11.0041 3408   sffp_sd - ok
19:41:11.0181 3408   sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
19:41:11.0228 3408   sfloppy - ok
19:41:11.0384 3408   sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
19:41:11.0415 3408   sisagp - ok
19:41:11.0540 3408   SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:41:11.0556 3408   SiSRaid2 - ok
19:41:11.0680 3408   SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
19:41:11.0712 3408   SiSRaid4 - ok
19:41:11.0868 3408   Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
19:41:11.0914 3408   Smb - ok
19:41:12.0055 3408   spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
19:41:12.0070 3408   spldr - ok
19:41:12.0226 3408   srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
19:41:12.0273 3408   srv - ok
19:41:12.0414 3408   srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
19:41:12.0445 3408   srv2 - ok
19:41:12.0570 3408   srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
19:41:12.0632 3408   srvnet - ok
19:41:12.0772 3408   stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
19:41:12.0788 3408   stexstor - ok
19:41:12.0944 3408   swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
19:41:12.0960 3408   swenum - ok
19:41:13.0147 3408   SynTP           (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
19:41:13.0162 3408   SynTP - ok
19:41:13.0381 3408   Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
19:41:13.0428 3408   Tcpip - ok
19:41:13.0599 3408   TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
19:41:13.0630 3408   TCPIP6 - ok
19:41:13.0771 3408   tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
19:41:13.0818 3408   tcpipreg - ok
19:41:13.0974 3408   tdcmdpst        (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
19:41:13.0989 3408   tdcmdpst - ok
19:41:14.0114 3408   TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
19:41:14.0176 3408   TDPIPE - ok
19:41:14.0317 3408   TDTCP           (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
19:41:14.0395 3408   TDTCP - ok
19:41:14.0520 3408   tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
19:41:14.0582 3408   tdx - ok
19:41:14.0722 3408   TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
19:41:14.0754 3408   TermDD - ok
19:41:14.0972 3408   TrueSight       (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
19:41:15.0003 3408   TrueSight ( UnsignedFile.Multi.Generic ) - warning
19:41:15.0003 3408   TrueSight - detected UnsignedFile.Multi.Generic (1)
19:41:22.0554 3408   MBR (0x1B8)     (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:41:23.0458 3408   \Device\Harddisk0\DR0 - ok
19:41:23.0521 3408   Boot (0x1200)   (d3d7be52a601234197775f17478fffea) \Device\Harddisk0\DR0\Partition0
19:41:23.0521 3408   \Device\Harddisk0\DR0\Partition0 - ok
19:41:23.0536 3408   ============================================================
19:41:23.0536 3408   Scan finished
19:41:23.0536 3408   ============================================================
19:41:23.0568 2596   Detected object count: 2
19:41:23.0568 2596   Actual detected object count: 2
19:41:49.0651 2596   BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:49.0651 2596   BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:49.0651 2596   TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:49.0651 2596   TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:40.0476 3472   Deinitialize success

Offline vivianaivett

  • Bronze Member
  • Posts: 32
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Ivett\AppData\Local\{6F453F86-B14A-4535-9A15-04142AA33D75} folder moved successfully.
C:\Users\Ivett\AppData\Local\{3824C732-24A6-4A1C-A1B9-F7C281C8E54B} folder moved successfully.
C:\Users\Ivett\AppData\Local\{63E21A07-9EB8-4FFB-972C-24A85A2A1146} folder moved successfully.
C:\Users\Ivett\AppData\Local\{25D83904-58EF-4E97-ADFE-24163CF676EA} folder moved successfully.
C:\Users\Ivett\AppData\Local\{5E0238D0-4519-4B0C-A8C6-DCFC5543E0B3} folder moved successfully.
C:\Users\Ivett\AppData\Local\{31187927-52BE-4875-8118-696C19E4001D} folder moved successfully.
C:\Users\Ivett\AppData\Roaming\DriverCure folder moved successfully.
C:\Users\Ivett\AppData\Roaming\PC Unleashed Online\PC Unleashed folder moved successfully.
C:\Users\Ivett\AppData\Roaming\PC Unleashed Online folder moved successfully.
C:\Users\Ivett\AppData\Local\{AFE894DD-13DA-4A06-997A-1F59C5AA14ED} folder moved successfully.
C:\Users\Ivett\AppData\Local\{B120FD7F-86BF-4D6C-8CAA-32D13106D5F9} folder moved successfully.
C:\Users\Ivett\AppData\Local\{2BE05D30-6689-425B-B643-D6395882F55F} folder moved successfully.
C:\Users\Ivett\AppData\Local\{4AA102CF-2DDD-4890-B21A-89DF348405CC} folder moved successfully.
C:\Users\Ivett\AppData\Local\{A4C335E4-8820-490F-BBC4-135103C017F5} folder moved successfully.
C:\Users\Ivett\AppData\Local\{23B54E61-877B-4EFA-B1C6-B20B5248BAAF} folder moved successfully.
C:\Users\Ivett\AppData\Roaming\FixCleaner\Results folder moved successfully.
C:\Users\Ivett\AppData\Roaming\FixCleaner\QuarantineW\2012-01-17 19-48-140 folder moved successfully.
C:\Users\Ivett\AppData\Roaming\FixCleaner\QuarantineW\2012-01-17 17-13-380 folder moved successfully.
C:\Users\Ivett\AppData\Roaming\FixCleaner\QuarantineW\2012-01-17 17-13-280 folder moved successfully.
C:\Users\Ivett\AppData\Roaming\FixCleaner\QuarantineW\2012-01-17 17-12-410 folder moved successfully.
C:\Users\Ivett\AppData\Roaming\FixCleaner\QuarantineW folder moved successfully.
C:\Users\Ivett\AppData\Roaming\FixCleaner\PCOBackups folder moved successfully.
C:\Users\Ivett\AppData\Roaming\FixCleaner\Logs folder moved successfully.
C:\Users\Ivett\AppData\Roaming\FixCleaner folder moved successfully.
C:\Users\Ivett\AppData\Roaming\Systweak folder moved successfully.
C:\Windows\System32\roboot.exe moved successfully.
C:\ProgramData\Avira folder moved successfully.
C:\Users\Ivett\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Ivett\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Ivett\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Ivett\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Ivett\AppData\Roaming\Uniblue folder moved successfully.
C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} folder moved successfully.
C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\SecurityScanner\McUICnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\SecurityScanner folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\SSScheduler folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\McUICnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\McCHSvc folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\McUICnt\McUICnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\McUICnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\McInst folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\Common\McCHSvc folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\Common folder moved successfully.
C:\ProgramData\McAfee\MCLOGS folder moved successfully.
C:\ProgramData\McAfee folder moved successfully.
C:\Users\Ivett\AppData\Local\2f20ea83 moved successfully.
C:\Users\Ivett\AppData\Roaming\b72811bc moved successfully.
C:\ProgramData\c5c43587 moved successfully.
C:\Windows\System32\RegistryDefragBootTime.exe moved successfully.
C:\Users\Ivett\AppData\Local\8sje7w155ff6j8864w0ec26634t8ymo2khv moved successfully.
C:\ProgramData\8sje7w155ff6j8864w0ec26634t8ymo2khv moved successfully.
C:\Users\Ivett\AppData\Local\fbqvkjri7s8e0w8k8uvp2lyp08j moved successfully.
C:\ProgramData\fbqvkjri7s8e0w8k8uvp2lyp08j moved successfully.
C:\Users\Ivett\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
C:\Users\Ivett\AppData\Roaming\AVG\Rescue folder moved successfully.
C:\Users\Ivett\AppData\Roaming\AVG\PC Tuneup 2011\User Reports folder moved successfully.
C:\Users\Ivett\AppData\Roaming\AVG\PC Tuneup 2011 folder moved successfully.
C:\Users\Ivett\AppData\Roaming\AVG\PC Tuneup\Logs folder moved successfully.
C:\Users\Ivett\AppData\Roaming\AVG\PC Tuneup folder moved successfully.
C:\Users\Ivett\AppData\Roaming\AVG\Disk Cleaner\User Reports folder moved successfully.
C:\Users\Ivett\AppData\Roaming\AVG\Disk Cleaner folder moved successfully.
Folder move failed. C:\Users\Ivett\AppData\Roaming\AVG scheduled to be moved on reboot.
C:\Users\Ivett\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Ivett\AppData\Roaming\AVG10 folder moved successfully.
Folder C:\Users\Ivett\AppData\Roaming\Catalina Marketing Corp [2012/01/19 21:43:53 | 000,000,000 | ---D | M] -- C:\Users\Ivett\AppData\Roaming\DriverCure\ not found.
Folder C:\Users\Ivett\AppData\Roaming\FixCleaner\ not found.
C:\Users\Ivett\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V5\Startup Manager folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V5\Smart RAM folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V5\PrivacySweeper folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V5\DiskCheck folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V5\Disk Cleaner folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V4\Toolbox folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V4\PMonitor folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V4\Log folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V4\Backup folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V4 folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit folder moved successfully.
Folder C:\Users\Ivett\AppData\Roaming\PC Unleashed Online\ not found.
C:\Users\Ivett\AppData\Roaming\Sammsoft folder moved successfully.
C:\Users\Ivett\AppData\Roaming\spotmau\WinCare2010\Startup Baks folder moved successfully.
C:\Users\Ivett\AppData\Roaming\spotmau\WinCare2010 folder moved successfully.
C:\Users\Ivett\AppData\Roaming\spotmau folder moved successfully.
Folder C:\Users\Ivett\AppData\Roaming\Systweak\ not found.
Folder C:\Users\Ivett\AppData\Roaming\Uniblue\ not found.
C:\Windows\Tasks\TuneUpMedic_scan_schedule_task_d42c7482-20ae-4a7c-8fde-4d6aeb8e2ca4.job moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.31.0 log created on 01232012_192708

Files\Folders moved on Reboot...
C:\Users\Ivett\AppData\Roaming\AVG folder moved successfully.

Registry entries deleted on Reboot...

Offline vivianaivett

  • Bronze Member
  • Posts: 32
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V4\Toolbox folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V4\PMonitor folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V4\Log folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V4\Backup folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit\Advanced SystemCare V4 folder moved successfully.
C:\Users\Ivett\AppData\Roaming\IObit folder moved successfully.
Folder C:\Users\Ivett\AppData\Roaming\PC Unleashed Online\ not found.
C:\Users\Ivett\AppData\Roaming\Sammsoft folder moved successfully.
C:\Users\Ivett\AppData\Roaming\spotmau\WinCare2010\Startup Baks folder moved successfully.
C:\Users\Ivett\AppData\Roaming\spotmau\WinCare2010 folder moved successfully.
C:\Users\Ivett\AppData\Roaming\spotmau folder moved successfully.
Folder C:\Users\Ivett\AppData\Roaming\Systweak\ not found.
Folder C:\Users\Ivett\AppData\Roaming\Uniblue\ not found.
C:\Windows\Tasks\TuneUpMedic_scan_schedule_task_d42c7482-20ae-4a7c-8fde-4d6aeb8e2ca4.job moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.31.0 log created on 01232012_192708

Files\Folders moved on Reboot...
C:\Users\Ivett\AppData\Roaming\AVG folder moved successfully.

Registry entries deleted on Reboot...

Offline vivianaivett

  • Bronze Member
  • Posts: 32
 :w2

I will now wait for you.  I found only one report for OTL. I saw something, but it says that it was moved???????  Could not find it. :o2  Did I mess you up?

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2153
Hi Vivian

You did just fine. 

1.  Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: Combofix use

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

Close all open browsers.

2.  Disable all of your Anti-Virus and Anti-Spyware programs.  If you need help to disable them, go to Disable Anti Malware. Be sure to re-enable them before posting your reply.

3.  Double click combofix.exe.  For XP, if ComboFix offers to install a Recovery Console, you must permit it to do so. It is very dangerous to permit ComboFix to run unless the Recovery Console is installed.

When finished, it will produce a report for you at C:\ComboFix.txt.

As always, please be sure Word Wrap is disabled in Notepad.  Also be sure to check that the data you posted was not cut off by the site's posting size limits.

Now please post the following to me as a reply to this post:
ComboFix.txt
Let me know how your computer and browser are operating
If you have any questions or problems, let me know that as well

Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline vivianaivett

  • Bronze Member
  • Posts: 32
ComboFix.txt
So far browser is doing good.  It is like fast and better than when I first got it.  Here is the log you requested, and I am going to divide it in three parts; even though I previewed it and I am able to see all, I don't want to miss anything.   :ty

This is part 1


ComboFix 12-01-23.02 - Ivett 01/24/2012  18:35:45.1.1 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1790.1071 [GMT -5:00]
Running from: c:\users\Ivett\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-24 to 2012-01-24  )))))))))))))))))))))))))))))))
.
.
2012-01-24 23:45 . 2012-01-24 23:45   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-01-24 23:06 . 2012-01-06 01:19   6557240   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{831D3861-5866-4064-B909-E5B99B250981}\mpengine.dll
2012-01-24 00:27 . 2012-01-24 00:27   --------   d-----w-   C:\_OTL
2012-01-23 04:06 . 2012-01-23 04:13   111872   ----a-w-   c:\windows\system32\drivers\TrueSight.sys
2012-01-23 01:06 . 2012-01-23 01:07   --------   dc----w-   c:\users\Ivett\AppData\Local\MigWiz
2012-01-22 03:22 . 2012-01-06 01:19   6557240   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-21 01:31 . 2012-01-21 01:31   703824   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FD05E23-70B2-406C-B748-DE3943E2AB0F}\gapaengine.dll
2012-01-21 01:30 . 2012-01-21 01:30   --------   d-----w-   c:\program files\Microsoft Security Client
2012-01-20 03:39 . 2012-01-20 03:46   --------   d-----w-   c:\programdata\SUPERSetup
2012-01-20 03:13 . 2012-01-20 03:13   7450888   ----a-w-   c:\program files\Common Files\Windows Live\.cache\6d7ccf7a1ccd72101\bingbarsetup.exe
2012-01-20 02:43 . 2012-01-20 03:23   --------   d-----w-   c:\programdata\PC Unleashed Online
2012-01-19 03:07 . 2012-01-20 00:05   1660   ----a-w-   c:\windows\system32\ASOROSet.bin
2012-01-17 20:29 . 2012-01-17 20:29   --------   d-----w-   c:\users\Default\AppData\Local\AskToolbar
2012-01-08 02:39 . 2012-01-08 02:39   --------   d-----w-   c:\programdata\!SASCORE
2012-01-06 23:48 . 2012-01-06 23:48   --------   d-----w-   c:\program files\DIFX
2012-01-06 23:45 . 2012-01-06 23:45   --------   d-----w-   c:\programdata\Leapfrog
2012-01-06 23:45 . 2012-01-06 23:47   --------   d-----w-   c:\program files\LeapFrog
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 23:51 . 2011-05-15 19:03   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-18 16:29 . 2010-01-30 03:03   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2011-12-18 16:29 . 2009-11-18 01:49   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2011-11-24 04:25 . 2011-12-13 23:32   2342912   ----a-w-   c:\windows\system32\win32k.sys
2011-11-05 04:26 . 2011-12-13 23:33   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-13 23:38   1798144   ----a-w-   c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-13 23:38   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-13 23:38   1127424   ----a-w-   c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-13 23:38   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

Offline vivianaivett

  • Bronze Member
  • Posts: 32


This is part 2


*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"MyTOSHIBA"="c:\program files\toshiba\my toshiba\mytoshiba.exe" [2009-08-06 264048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"TosSENotify"="c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe" [2009-09-17 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"00TCrdMain"="c:\program files\toshiba\flashcards\tcrdmain.exe" [2009-08-05 738616]
"KeNotify"="c:\program files\toshiba\utilities\kenotify.exe" [2009-01-14 34088]
"HWSetup"="c:\program files\toshiba\utilities\hwsetup.exe" [2009-06-02 425984]
"SVPWUTIL"="c:\program files\toshiba\utilities\svpwutil.exe" [2009-07-10 352256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Ivett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37   843712   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04   529256   ----a-w-   c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-05 21:18   476512   ----a-w-   c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.

Offline vivianaivett

  • Bronze Member
  • Posts: 32
ComboFix.txt
Sorry I forgot to put this on my Part 2, but so far this is the only one I divided.  :o2

This is part 3
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 135664]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2009-10-10 33792]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;

R3 RtsUIR;Realtek IR Driver;

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-25 1343400]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15   264048   ----a-w-   c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 17:47]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 17:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-swg - c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:be,51,51,86,4b,d5,cc,01
.
[HKEY_USERS\S-1-5-21-2767901044-4139088532-1525254392-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2767901044-4139088532-1525254392-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-24  18:57:47
ComboFix-quarantined-files.txt  2012-01-24 23:57
.
Pre-Run: 201,281,601,536 bytes free
Post-Run: 200,840,216,576 bytes free
.
- - End Of File - - 53A496E7D3D610D7A329277B86B9E287

Offline vivianaivett

  • Bronze Member
  • Posts: 32
Dear Bear


 :ty

Let me know if I did ok.