Personal Internet Security 2011 Removal


This topic is locked
18 replies to this topic

#1 brianbli (Members, 21 posts)

Posted 02 January 2011 - 07:17 PM

Hi, I have followed the tutorial given at this address

http://www.bleepingcomputer.com/virus-removal/remove-personal-internet-security-2011

but still cannot remove the stated malware from my system. As soon as I start Windows in normal state it reactivates itself again. The process itself is shown as 'PI145_2164.exe *32' in Task Manager.

My DDS log is attached below. Any help greatly appreciated.

#######################################################################################################################

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Darren at 23:57:25.39 on 02/01/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3933.2686 [GMT 0:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\ProgramData\ResultBar\resultbar119.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\ResultBar\resultbar.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Darren\AppData\Roaming\Meovl\kuep.exe
C:\Users\Darren\AppData\Roaming\Luoxma\zowu.exe
C:\Users\Darren\AppData\Roaming\Andy\faka.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\ProgramData\14560d\PI145_2164.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Darren\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/ig?hl=en
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {851552F5-B878-4B03-904F-2AD6A4CC8994} - No File
TB: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [{87C497B7-1F33-3CF7-8705-96CB4420FD06}] C:\Users\Darren\AppData\Roaming\Meovl\kuep.exe
uRun: [{2C5E5740-C3BC-6CEA-5A72-7CF990F828D0}] C:\Users\Darren\AppData\Roaming\Luoxma\zowu.exe
uRun: [{3C919E2F-9375-C4A8-1CF0-E06323AC9BC6}] C:\Users\Darren\AppData\Roaming\Andy\faka.exe
uRun: [Personal Internet Security 2011] "C:\ProgramData\14560d\PI145_2164.exe" /s /d
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
StartupFolder: C:\Users\Darren\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 0 = msseces.exe
uPolicies-disallowrun: 1 = MSASCui.exe
uPolicies-disallowrun: 2 = ekrn.exe
uPolicies-disallowrun: 3 = egui.exe
uPolicies-disallowrun: 4 = avgnt.exe
uPolicies-disallowrun: 5 = avcenter.exe
uPolicies-disallowrun: 6 = avscan.exe
uPolicies-disallowrun: 7 = avgfrw.exe
uPolicies-disallowrun: 8 = avgui.exe
uPolicies-disallowrun: 9 = avgtray.exe
uPolicies-disallowrun: 10 = avgscanx.exe
uPolicies-disallowrun: 11 = avgcfgex.exe
uPolicies-disallowrun: 12 = avgemc.exe
uPolicies-disallowrun: 13 = avgchsvx.exe
uPolicies-disallowrun: 14 = avgcmgr.exe
uPolicies-disallowrun: 15 = avgwdsvc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
IFEO: image file execution options - svchost.exe
TB-X64: {851552F5-B878-4B03-904F-2AD6A4CC8994} - No File
TB-X64: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} - No File
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
IFEO-X64: image file execution options - svchost.exe

============= SERVICES / DRIVERS ===============

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-11-22 482384]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 ResultBar Service;ResultBar Service;C:\ProgramData\ResultBar\resultbar119.exe [2010-12-31 49416]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-8-6 116104]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2009-11-22 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-4 215040]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2009-11-22 942080]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-11-22 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1cab5b09db90904;Google Update Service (gupdate1cab5b09db90904);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-25 133104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-9 1255736]

=============== Created Last 30 ================

2011-01-02 18:18:41 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-01-02 14:39:51 -------- d-----w- C:\Users\Darren\AppData\Local\ElevatedDiagnostics
2011-01-02 13:20:58 -------- d-sh--w- C:\Users\Darren\AppData\Roaming\Personal Internet Security 2011
2011-01-02 13:20:58 -------- d-sh--w- C:\PROGRA~3\PIHXSS
2011-01-02 13:19:14 -------- d-sh--w- C:\PROGRA~3\14560d
2011-01-01 14:35:30 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{7C44DD92-69D4-4AA4-AF98-CA50FA16AB9E}\mpengine.dll
2010-12-14 23:09:59 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2010-12-11 19:03:12 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2010-12-11 19:03:12 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2010-12-11 18:59:21 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcFF77.tmp
2010-12-08 22:34:52 15256 ----a-w- C:\Users\Darren\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

==================== Find3M ====================

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 10:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

============= FINISH: 23:58:12.15 ===============

#######################################################################################################################

I am also attaching the 'Attach.txt' file as instructed. Unfortunately as I am running the 64-bit version of Win7 I do not have the GMER log.

Thanks ever so much.

Attached file: Attach.txt (5.36KB)

#2 m0le (Malware Response Team, London, UK)

Posted 07 January 2011 - 09:10 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 brianbli (Topic Starter)

Posted 09 January 2011 - 05:26 PM

Hi m0le. Thanks for your trouble. I will be awaiting your next set of instructions patiently.

#4 m0le (Malware Response Team)

Posted 09 January 2011 - 07:02 PM

Please let's make sure that there are no rootkits which are making the removal difficult.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#5 m0le (Malware Response Team)

Posted 13 January 2011 - 02:34 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#6 m0le (Malware Response Team)

Posted 13 January 2011 - 09:18 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

#7 m0le (Malware Response Team)

Posted 14 January 2011 - 11:49 AM

Reopened at user's request

-----------------------------------------

Please go ahead with the scans. :)

#8 brianbli (Topic Starter)

Posted 15 January 2011 - 10:39 PM

##############
TDSSKiller Log
##############


2011/01/16 03:33:05.0296 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/16 03:33:05.0296 ================================================================================
2011/01/16 03:33:05.0297 SystemInfo:
2011/01/16 03:33:05.0297
2011/01/16 03:33:05.0297 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/16 03:33:05.0297 Product type: Workstation
2011/01/16 03:33:05.0297 ComputerName: DF
2011/01/16 03:33:05.0299 UserName: Darren
2011/01/16 03:33:05.0299 Windows directory: C:\Windows
2011/01/16 03:33:05.0299 System windows directory: C:\Windows
2011/01/16 03:33:05.0299 Running under WOW64
2011/01/16 03:33:05.0299 Processor architecture: Intel x64
2011/01/16 03:33:05.0299 Number of processors: 2
2011/01/16 03:33:05.0299 Page size: 0x1000
2011/01/16 03:33:05.0299 Boot type: Normal boot
2011/01/16 03:33:05.0299 ================================================================================
2011/01/16 03:33:05.0301 Utility is running under WOW64
2011/01/16 03:33:05.0680 Initialize success
2011/01/16 03:33:13.0757 ================================================================================
2011/01/16 03:33:13.0758 Scan started
2011/01/16 03:33:13.0758 Mode: Manual;
2011/01/16 03:33:13.0758 ================================================================================
2011/01/16 03:33:15.0854 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/01/16 03:33:16.0042 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/01/16 03:33:16.0189 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/01/16 03:33:16.0353 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/01/16 03:33:16.0603 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/01/16 03:33:16.0770 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/01/16 03:33:16.0971 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/01/16 03:33:17.0215 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/01/16 03:33:17.0364 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/01/16 03:33:17.0506 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/01/16 03:33:17.0648 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/16 03:33:17.0863 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/01/16 03:33:18.0009 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/01/16 03:33:18.0137 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/01/16 03:33:18.0286 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/01/16 03:33:18.0410 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/01/16 03:33:18.0605 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/01/16 03:33:18.0743 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/01/16 03:33:19.0002 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/16 03:33:19.0209 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/01/16 03:33:19.0505 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
2011/01/16 03:33:19.0972 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/01/16 03:33:20.0183 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/01/16 03:33:20.0357 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/01/16 03:33:20.0523 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/01/16 03:33:20.0713 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/16 03:33:20.0860 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/01/16 03:33:21.0027 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/01/16 03:33:21.0249 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/01/16 03:33:21.0461 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/01/16 03:33:21.0622 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/01/16 03:33:21.0870 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/01/16 03:33:22.0013 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/01/16 03:33:22.0215 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/16 03:33:22.0486 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/16 03:33:22.0668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/01/16 03:33:22.0861 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/01/16 03:33:23.0140 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/16 03:33:23.0360 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/01/16 03:33:23.0564 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/01/16 03:33:23.0767 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/16 03:33:23.0912 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/01/16 03:33:24.0155 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/01/16 03:33:24.0404 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/01/16 03:33:24.0559 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/01/16 03:33:24.0718 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/01/16 03:33:24.0930 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/01/16 03:33:25.0316 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/16 03:33:25.0612 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/01/16 03:33:25.0943 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/01/16 03:33:26.0073 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/01/16 03:33:26.0416 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/01/16 03:33:26.0699 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/01/16 03:33:26.0962 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/16 03:33:27.0235 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/01/16 03:33:27.0381 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/01/16 03:33:27.0558 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/16 03:33:27.0891 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/01/16 03:33:28.0093 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/01/16 03:33:28.0317 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/16 03:33:28.0464 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/01/16 03:33:28.0682 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/01/16 03:33:28.0988 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/01/16 03:33:29.0124 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/01/16 03:33:29.0282 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/16 03:33:29.0532 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/01/16 03:33:29.0670 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/01/16 03:33:29.0849 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/01/16 03:33:30.0077 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/16 03:33:30.0298 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/01/16 03:33:30.0536 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/01/16 03:33:30.0760 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/01/16 03:33:31.0019 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/16 03:33:31.0219 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/01/16 03:33:31.0415 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/01/16 03:34:08.0774 ================================================================================
2011/01/16 03:34:08.0774 Scan finished
2011/01/16 03:34:08.0774 ================================================================================


############
MBRCheck Log
############

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite L500
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 185):

Processes (total 82):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
436 csrss.exe
488 C:\Windows\System32\wininit.exe
500 csrss.exe
540 C:\Windows\System32\services.exe
576 C:\Windows\System32\winlogon.exe
588 C:\Windows\System32\lsass.exe
596 C:\Windows\System32\lsm.exe
708 C:\Windows\System32\svchost.exe
788 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
112 C:\Windows\System32\audiodg.exe
444 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\spoolsv.exe
1204 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\taskhost.exe
1412 C:\Windows\System32\dwm.exe
1424 C:\Windows\explorer.exe
1472 C:\Windows\System32\svchost.exe
1764 C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
1956 C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
1972 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
1992 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
2008 C:\Windows\System32\igfxtray.exe
2020 C:\Windows\System32\hkcmd.exe
1504 C:\Windows\System32\igfxpers.exe
1576 C:\Windows\System32\igfxsrvc.exe
1776 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
1876 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
1744 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
1324 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1320 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
480 C:\Program Files\TOSHIBA\TECO\TEco.exe
2116 C:\Windows\System32\TODDSrv.exe
2144 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2248 C:\Program Files\TOSHIBA\TECO\TecoService.exe
2280 C:\Windows\System32\svchost.exe
2488 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
2504 C:\Users\Darren\AppData\Roaming\Meovl\kuep.exe
2536 C:\Users\Darren\AppData\Roaming\Luoxma\zowu.exe
2544 C:\Users\Darren\AppData\Roaming\Andy\faka.exe
2088 C:\Windows\System32\igfxext.exe
1016 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2836 C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
3008 C:\Windows\System32\SearchIndexer.exe
3128 C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
3144 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
3184 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3432 WmiPrvSE.exe
3892 C:\Windows\System32\svchost.exe
3976 C:\Program Files\Windows Media Player\wmpnetwk.exe
2920 C:\Windows\System32\taskeng.exe
2760 C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
2452 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2464 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
4212 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4356 C:\ProgramData\14560d\PI145_2164.exe
5016 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
5084 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4956 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
4160 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
2848 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
3924 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
2476 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
2100 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
1904 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
3228 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4904 C:\Windows\servicing\TrustedInstaller.exe
4940 C:\Windows\System32\wuauclt.exe
996 C:\Windows\System32\svchost.exe
1404 C:\Windows\SysWOW64\notepad.exe
4608 C:\Windows\System32\SearchFilterHost.exe
880 C:\Windows\System32\SearchProtocolHost.exe
1688 dllhost.exe
2276 dllhost.exe
3280 C:\Users\Darren\Desktop\MBRCheck.exe
3108 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`19100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003a`51700000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMJA2500BHG2, Rev: 00400018

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Nothing malicious found by TDSSKiller btw

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:57 AM

Posted 16 January 2011 - 11:02 AM

Yep, clean there.

Please run ComboFix, which should remove the rogue.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#10 brianbli

brianbli
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 16 January 2011 - 07:32 PM

############
ComboFix.log
############


ComboFix 11-01-16.02 - Darren 17/01/2011 0:06.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3933.2822 [GMT 0:00]
Running from: c:\users\Darren\Desktop\comfix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\QueryExplorer
c:\program files (x86)\QueryExplorer\uninstall.exe
c:\program files (x86)\ResultBar
c:\program files (x86)\ResultBar\resultbar.dll
c:\program files (x86)\ResultBar\resultbar.exe
c:\program files (x86)\ResultBar\uninstall.exe
c:\programdata\ResultBar
c:\programdata\ResultBar\resultbar113.exe
c:\programdata\ResultBar\resultbar119.exe
c:\programdata\ResultBar\resultbar121.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Darren\AppData\Roaming\Andy
c:\users\Darren\AppData\Roaming\Andy\faka.exe
c:\users\Darren\AppData\Roaming\Luoxma
c:\users\Darren\AppData\Roaming\Luoxma\zowu.exe
c:\users\Darren\AppData\Roaming\Meovl
c:\users\Darren\AppData\Roaming\Meovl\kuep.exe
c:\users\Darren\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Personal Internet Security 2011.lnk
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\FS.tmp
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\SM.exe
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Personal Internet Security 2011.lnk
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Personal Internet Security 2011.lnk
c:\users\Darren\AppData\Roaming\Personal Internet Security 2011
c:\users\Darren\AppData\Roaming\Personal Internet Security 2011\Instructions.ini
c:\users\Darren\Desktop\Personal Internet Security 2011.lnk

.
((((((((((((((((((((((((( Files Created from 2010-12-17 to 2011-01-17 )))))))))))))))))))))))))))))))
.

2011-01-17 00:27 . 2011-01-17 00:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-15 08:57 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98CEB666-6AD6-4A90-A286-2810B89DB698}\mpengine.dll
2011-01-02 18:18 . 2011-01-02 18:18 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-01-02 14:39 . 2011-01-02 14:39 -------- d-----w- c:\users\Darren\AppData\Local\ElevatedDiagnostics
2011-01-02 13:20 . 2011-01-08 10:08 -------- d-sh--w- c:\programdata\PIHXSS
2011-01-02 13:19 . 2011-01-02 13:56 -------- d-sh--w- c:\programdata\14560d
2010-12-22 23:10 . 2011-01-03 23:25 -------- d-----w- c:\users\Darren\AppData\Roaming\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 06:35 . 2010-12-14 23:09 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-14 23:09 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-14 23:09 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-14 23:09 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-14 23:09 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-14 23:09 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-14 23:09 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-14 23:09 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-14 23:10 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-14 23:10 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:17 . 2010-12-14 23:10 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:16 . 2010-12-14 23:10 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-14 23:10 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-14 23:10 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-14 23:10 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-14 23:10 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-14 23:10 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-14 23:10 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-14 23:10 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-14 23:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-10-20 05:20 . 2010-12-14 23:10 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 04:54 . 2010-12-14 23:10 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-10-20 03:09 . 2010-12-14 23:10 3124224 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 03:05 . 2010-12-14 23:10 367104 ----a-w- c:\windows\system32\atmfd.dll
2010-10-20 02:58 . 2010-12-14 23:10 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-10-19 10:41 . 2010-03-03 13:09 270720 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Personal Internet Security 2011"="c:\programdata\14560d\PI145_2164.exe" [2011-01-02 3891200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1cab5b09db90904;Google Update Service (gupdate1cab5b09db90904);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25 133104]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-09 1255736]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-26 942080]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]

.
Contents of the 'Scheduled Tasks' folder

2011-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25 00:22]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25 00:22]

2011-01-14 c:\windows\Tasks\Norton Security Scan for Darren.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-30 09:06]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/ig?hl=en
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:25534
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-{87C497B7-1F33-3CF7-8705-96CB4420FD06} - c:\users\Darren\AppData\Roaming\Meovl\kuep.exe
Wow6432Node-HKCU-Run-{2C5E5740-C3BC-6CEA-5A72-7CF990F828D0} - c:\users\Darren\AppData\Roaming\Luoxma\zowu.exe
Wow6432Node-HKCU-Run-{3C919E2F-9375-C4A8-1CF0-E06323AC9BC6} - c:\users\Darren\AppData\Roaming\Andy\faka.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-17 00:29:10
ComboFix-quarantined-files.txt 2011-01-17 00:29

Pre-Run: 212,785,623,040 bytes free
Post-Run: 212,928,864,256 bytes free

- - End Of File - - DDB2D075D96DE006A606E0968C2173E6

Looks promising =]

#11 brianbli

brianbli
  • Topic Starter

  • Members
  • 21 posts

Posted 16 January 2011 - 07:40 PM

[Edited to add]

Actually the blasted thing's come back again as I turned the computer off and restarted it, the same way the tutorial failed.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 16 January 2011 - 08:36 PM

Still have registry entries to go. We'll rerun Combofix and it should remove it completely this time.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

File::
c:\programdata\14560d\PI145_2164.exe

Folder::
c:\programdata\14560d
c:\programdata\PIHXSS

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Personal Internet Security 2011"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program asks you to update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE
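A post-cleanup verification script, added here as an example; it is not part of m0le's instructions, of ComboFix, or of BleepingComputer's removal guide. It assumes an elevated PowerShell session on the cleaned machine and uses only the Run value, folder paths and proxy setting that appear in the logs above. The check on Run entries launching from ProgramData or AppData (step 2) generalises beyond the single entry named in the thread, since the rogue's folder name is randomised. The loopback proxy (http=127.0.0.1:25534) listed in the supplementary scan of the earlier log is reported but not changed.

```powershell
# Added verification script (not m0le's, not ComboFix's). Assumes an elevated
# PowerShell session on the cleaned machine. Reports leftovers; changes nothing.

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Personal Internet Security 2011'        # Run value named in the ComboFix log
$folders   = @('C:\ProgramData\14560d', 'C:\ProgramData\PIHXSS')   # folders the CFScript removed
$inetKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

$findings = @()

# 1. The exact autostart value the rogue used to relaunch after every reboot
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains $valueName)) {
    $findings += "Run value still present: $valueName = $($run.$valueName)"
}

# 2. Any other per-user Run entry that launches from a data folder
#    (legitimate software usually starts from Program Files; rogue AV installs
#    itself under ProgramData or AppData with a random folder name)
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }     # skip PSPath/PSParentPath/... bookkeeping properties
        if ("$($p.Value)" -match '(?i)\\(ProgramData|AppData)\\') {
            $findings += "Run entry launching from a data folder: $($p.Name) = $($p.Value)"
        }
    }
}

# 3. Folders that ComboFix reported deleting
foreach ($f in $folders) {
    if (Test-Path -LiteralPath $f) { $findings += "Folder still exists: $f" }
}

# 4. Loopback proxy left behind in Internet Settings (the earlier log showed
#    ProxyServer = http=127.0.0.1:25534); a rogue uses this to intercept browsing
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyServer -and ("$($inet.ProxyServer)" -match '127\.0\.0\.1')) {
    $findings += "Loopback proxy still configured: ProxyServer = $($inet.ProxyServer) (ProxyEnable = $($inet.ProxyEnable))"
}

if ($findings.Count -eq 0) { 'No leftovers found.' } else { $findings }
```

If the proxy line is reported after the rogue is gone, the setting is a leftover rather than an active component: clear it in Internet Options > Connections > LAN settings (or with the same Internet Settings key), otherwise browsing may fail once the process that listened on that port no longer exists.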

#13 brianbli

brianbli
  • Topic Starter

  • Members
  • 21 posts

Posted 16 January 2011 - 09:11 PM

#######
New Log
#######


ComboFix 11-01-16.02 - Darren 17/01/2011 2:04.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3933.2816 [GMT 0:00]
Running from: c:\users\Darren\Desktop\comfix.exe
Command switches used :: c:\users\Darren\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\programdata\14560d\PI145_2164.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\14560d
c:\programdata\14560d\1be6bc88839a2424098ffabcb0536281.ocx
c:\programdata\14560d\BackUp\TRDCReminder.lnk
c:\programdata\14560d\PI145_2164.exe
c:\programdata\14560d\PIS.ico
c:\programdata\14560d\qkxhru8w45e7tm9q01u8zhg01k9q01u8z6hy2p45xgtm9q01u8zv.dll
c:\programdata\PIHXSS
c:\programdata\PIHXSS\PIIWHFFDBLS.cfg
c:\users\Darren\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Personal Internet Security 2011.lnk
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Personal Internet Security 2011.lnk
c:\users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Personal Internet Security 2011.lnk
c:\users\Darren\AppData\Roaming\Personal Internet Security 2011
c:\users\Darren\Desktop\Personal Internet Security 2011.lnk

.
((((((((((((((((((((((((( Files Created from 2010-12-17 to 2011-01-17 )))))))))))))))))))))))))))))))
.

2011-01-17 02:07 . 2011-01-17 02:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-15 08:57 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98CEB666-6AD6-4A90-A286-2810B89DB698}\mpengine.dll
2011-01-02 18:18 . 2011-01-02 18:18 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-01-02 14:39 . 2011-01-02 14:39 -------- d-----w- c:\users\Darren\AppData\Local\ElevatedDiagnostics
2010-12-22 23:10 . 2011-01-03 23:25 -------- d-----w- c:\users\Darren\AppData\Roaming\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 06:35 . 2010-12-14 23:09 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-14 23:09 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-14 23:09 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-14 23:09 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-14 23:09 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-14 23:09 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-14 23:09 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-14 23:09 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-14 23:10 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-14 23:10 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:17 . 2010-12-14 23:10 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:16 . 2010-12-14 23:10 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-14 23:10 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-14 23:10 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-14 23:10 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-14 23:10 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-14 23:10 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-14 23:10 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-14 23:10 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-14 23:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-10-20 05:20 . 2010-12-14 23:10 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 04:54 . 2010-12-14 23:10 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-10-20 03:09 . 2010-12-14 23:10 3124224 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 03:05 . 2010-12-14 23:10 367104 ----a-w- c:\windows\system32\atmfd.dll
2010-10-20 02:58 . 2010-12-14 23:10 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-10-19 10:41 . 2010-03-03 13:09 270720 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-01-17_00.27.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-04 14:08 . 2011-01-17 01:57 44084 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-01-17 00:02 44416 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-01-17 01:57 44416 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-02-24 12:38 . 2011-01-17 00:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-24 12:38 . 2011-01-17 01:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-24 12:38 . 2011-01-17 00:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-24 12:38 . 2011-01-17 01:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-17 00:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-17 01:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-24 13:10 . 2011-01-17 00:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-24 13:10 . 2011-01-17 01:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-24 13:10 . 2011-01-17 01:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-24 13:10 . 2011-01-17 00:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-24 13:10 . 2011-01-17 01:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-24 13:10 . 2011-01-17 00:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-24 13:10 . 2011-01-17 01:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-24 13:10 . 2011-01-17 00:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-24 13:10 . 2011-01-17 00:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-24 13:10 . 2011-01-17 01:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-24 13:03 . 2011-01-17 01:57 7380 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1163344495-2455460513-1285347831-1001_UserData.bin
- 2010-02-24 13:03 . 2011-01-17 00:02 7380 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1163344495-2455460513-1285347831-1001_UserData.bin
- 2011-01-17 00:00 . 2011-01-17 00:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-17 01:55 . 2011-01-17 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-17 01:55 . 2011-01-17 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-17 00:00 . 2011-01-17 00:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:12 . 2011-01-17 01:59 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-01-17 00:01 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-01-17 00:41 303832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-01-17 00:00 303832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1cab5b09db90904;Google Update Service (gupdate1cab5b09db90904);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25 133104]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-09 1255736]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-26 942080]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]

.
Contents of the 'Scheduled Tasks' folder

2011-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25 00:22]

2011-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25 00:22]

2011-01-14 c:\windows\Tasks\Norton Security Scan for Darren.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-30 09:06]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]
"TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" [BU]
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe" [BU]
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="%ProgramFiles%\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/ig?hl=en
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:25500
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-17 02:09:54
ComboFix-quarantined-files.txt 2011-01-17 02:09
ComboFix2.txt 2011-01-17 00:29

Pre-Run: 213,878,775,808 bytes free
Post-Run: 213,527,326,720 bytes free

- - End Of File - - 321464B251E8B922597AD1A034BE9C45

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:57 AM

Posted 17 January 2011 - 09:46 AM

How did that go?
m0le is a proud member of UNITE

#15 brianbli

brianbli
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:57 AM

Posted 17 January 2011 - 12:50 PM

It certainly seems to have done the trick.

Would that be all for the process? If so, thanks ever so much for the help. This is awesome.



