
Google Redirect Issue


  • This topic is locked
24 replies to this topic

#1 DragonBlade


Posted 05 June 2011 - 08:23 PM

I removed some other blatant malware on this laptop, but this lingering Google redirect issue still persists. Thank you for your help.

DDS Log:
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Nguyen Ta at 17:47:01 on 2011-06-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1045 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Windows\vsnpstd.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\Vid.exe" -bootmode
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [HPUsageTracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\"
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
StartupFolder: c:\users\nguyen~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 172.16.0.1
TCP: Interfaces\{2B628043-564D-499C-B681-5AC04A3A786D} : DhcpNameServer = 100.100.0.103
TCP: Interfaces\{E0A1F536-81B3-4E85-BD10-BDF53B7B0A60} : DhcpNameServer = 172.16.0.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nguyen ta\appdata\roaming\mozilla\firefox\profiles\o2qkrb6c.default\
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SysLib1;SysLib1;c:\windows\system32\drivers\SysLib1.sys [2010-3-7 1484288]
R1 SysLib2;SysLib2;c:\windows\system32\drivers\SysLib2.sys [2010-3-7 44032]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-12-15 376320]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-12-15 54136]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-16 136176]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-7 62832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-9 102448]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-16 136176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-15 167936]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-17 1343400]
S4 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
S4 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
S4 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-06-05 08:50:26 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-05 08:46:16 -------- d-----w- c:\users\nguyen ta\appdata\local\temp
2011-06-05 05:52:48 -------- d-----w- c:\users\nguyen ta\DoctorWeb
2011-06-05 04:28:22 388096 ----a-r- c:\users\nguyen ta\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-05 04:28:22 -------- d-----w- c:\program files\Trend Micro
2011-06-05 03:42:51 -------- d-----w- c:\users\nguyen ta\appdata\roaming\239055
2011-06-05 03:42:50 -------- d-----w- c:\users\nguyen ta\appdata\roaming\237901
2011-06-05 03:42:49 -------- d-----w- c:\users\nguyen ta\appdata\roaming\237807
2011-06-05 03:42:49 -------- d-----w- c:\users\nguyen ta\appdata\roaming\237417
2011-06-03 02:48:45 -------- d-----w- c:\users\nguyen ta\appdata\roaming\ZoomBrowser EX
2011-06-03 02:48:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 02:40:22 -------- d-----w- c:\programdata\ZoomBrowser
2011-06-03 02:39:48 -------- d-----w- c:\program files\Canon
2011-06-03 02:38:20 -------- d-----w- c:\program files\common files\Canon
2011-05-28 07:59:06 -------- d-----w- c:\users\nguyen ta\appdata\local\Ilivid Player
2011-05-25 05:21:15 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-19 05:12:33 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-16 18:52:41 -------- d-----w- c:\programdata\AVAST Software
2011-05-16 18:52:41 -------- d-----w- c:\program files\AVAST Software
2011-05-16 04:00:30 -------- d-----w- C:\e
2011-05-16 03:56:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 03:56:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-11 05:19:15 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 05:19:15 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 05:19:14 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 05:19:14 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 05:19:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 05:19:14 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 05:19:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 05:19:12 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 05:19:11 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-10 06:03:18 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-05-10 06:03:14 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-10 06:03:12 -------- d-----w- c:\users\nguyen ta\appdata\local\Conduit
2011-05-10 06:03:00 -------- d-----w- c:\program files\common files\Authentium
.
==================== Find3M ====================
.
2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:44:09 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:44:01 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:44:01 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:44:01 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:43:55 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:43:46 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:43:46 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:37:34 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
2009-07-14 01:14:41 28672 --sh--r- c:\windows\system32\setup\zf32.dll
.
============= FINISH: 17:48:19.84 ===============



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 10 June 2011 - 12:48 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply





Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait until the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 DragonBlade

  • Topic Starter

Posted 10 June 2011 - 01:14 AM

Thank you for your help.

DDS Log:
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Nguyen Ta at 23:06:28 on 2011-06-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1105 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Windows\vsnpstd.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\Vid.exe" -bootmode
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_ActiveX.exe -update activex
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [HPUsageTracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\"
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
StartupFolder: c:\users\nguyen~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 172.16.0.1
TCP: Interfaces\{2B628043-564D-499C-B681-5AC04A3A786D} : DhcpNameServer = 100.100.0.103
TCP: Interfaces\{E0A1F536-81B3-4E85-BD10-BDF53B7B0A60} : DhcpNameServer = 172.16.0.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nguyen ta\appdata\roaming\mozilla\firefox\profiles\o2qkrb6c.default\
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SysLib1;SysLib1;c:\windows\system32\drivers\SysLib1.sys [2010-3-7 1484288]
R1 SysLib2;SysLib2;c:\windows\system32\drivers\SysLib2.sys [2010-3-7 44032]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-7 62832]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-12-15 376320]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-12-15 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-16 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-9 102448]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-16 136176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-15 167936]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-17 1343400]
S4 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
S4 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
S4 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-06-05 08:50:26 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-05 08:46:16 -------- d-----w- c:\users\nguyen ta\appdata\local\temp
2011-06-05 05:52:48 -------- d-----w- c:\users\nguyen ta\DoctorWeb
2011-06-05 04:28:22 388096 ----a-r- c:\users\nguyen ta\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-05 04:28:22 -------- d-----w- c:\program files\Trend Micro
2011-06-05 03:42:51 -------- d-----w- c:\users\nguyen ta\appdata\roaming\239055
2011-06-05 03:42:50 -------- d-----w- c:\users\nguyen ta\appdata\roaming\237901
2011-06-05 03:42:49 -------- d-----w- c:\users\nguyen ta\appdata\roaming\237807
2011-06-05 03:42:49 -------- d-----w- c:\users\nguyen ta\appdata\roaming\237417
2011-06-03 02:48:45 -------- d-----w- c:\users\nguyen ta\appdata\roaming\ZoomBrowser EX
2011-06-03 02:48:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 02:40:22 -------- d-----w- c:\programdata\ZoomBrowser
2011-06-03 02:39:48 -------- d-----w- c:\program files\Canon
2011-06-03 02:38:20 -------- d-----w- c:\program files\common files\Canon
2011-05-28 07:59:06 -------- d-----w- c:\users\nguyen ta\appdata\local\Ilivid Player
2011-05-25 05:21:15 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-19 05:12:33 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-16 18:52:41 -------- d-----w- c:\programdata\AVAST Software
2011-05-16 18:52:41 -------- d-----w- c:\program files\AVAST Software
2011-05-16 04:00:30 -------- d-----w- C:\e
2011-05-16 03:56:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 03:56:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-05-10 06:03:14 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-10 06:02:41 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-25 03:06:46 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:06:25 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:06:23 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:06:12 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:06:11 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:06:10 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:06:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2009-07-14 01:14:41 28672 --sh--r- c:\windows\system32\setup\zf32.dll
.
============= FINISH: 23:07:23.59 ===============

Attach Log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/7/2010 1:24:19 AM
System Uptime: 6/5/2011 5:44:45 PM (102 hours ago)
.
Motherboard: TOSHIBA | | NBWAA
Processor: Celeron® Dual-Core CPU T3000 @ 1.80GHz | U2E1 | 1795/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 127.599 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe FE Family Controller
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FF001179&REV_02\4&492937F&0&00E2
Manufacturer: Realtek
Name: Realtek PCIe FE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FF001179&REV_02\4&492937F&0&00E2
Service: RTL8167
.
==== System Restore Points ===================
.
RP526: 6/5/2011 5:07:11 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AVSDK5
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SD1300 IS_IXUS 105 Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compatibility Pack for the 2007 Office system
D3DX10
Google Chrome
Google Update Helper
HiJackThis
HPCarePackCore
HPCarePackProducts
hppMSRedist
hppusgP1000
HPSSupply
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet TV for Windows Media Center
Java™ 6 Update 14
Junk Mail filter update
Label@Once 1.0
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
LSI V92 MOH Application
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyToshiba
Norton Internet Security
OGA Notifier 2.0.0048.0
Quickbooks Financial Center
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Launcher
Synaptics Pointing Device Driver
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
Toshiba Online Backup
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Utility Common Driver
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Silverlight
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
6/5/2011 5:45:42 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
6/5/2011 4:28:11 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
6/5/2011 1:43:25 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/5/2011 1:38:34 AM, Error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
6/5/2011 1:30:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
6/5/2011 1:29:08 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/5/2011 1:29:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/5/2011 1:29:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/5/2011 1:29:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/5/2011 1:29:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/5/2011 1:27:24 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl spldr sptd Wanarpv6
6/5/2011 1:27:24 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/5/2011 1:27:03 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
6/4/2011 9:41:44 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
6/4/2011 9:41:44 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
6/4/2011 9:41:44 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
6/4/2011 9:41:33 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
6/4/2011 9:03:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache eeCtrl spldr sptd Wanarpv6
6/4/2011 10:25:19 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
6/4/2011 10:21:15 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
6/3/2011 12:00:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA Optical Disc Drive Service service to connect.
6/3/2011 12:00:57 AM, Error: Service Control Manager [7000] - The TOSHIBA Optical Disc Drive Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

RKUnHooker Log:
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x8E419000 C:\windows\system32\DRIVERS\igdkmd32.sys 6451200 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82C19000 C:\windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82C19000 PnpManager 4259840 bytes
0x82C19000 RAW 4259840 bytes
0x82C19000 WMIxWDM 4259840 bytes
0x93426000 C:\windows\system32\drivers\RTKVHDA.sys 2736128 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x81EF0000 Win32k 2404352 bytes
0x81EF0000 C:\windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8DA1B000 C:\windows\System32\Drivers\SysLib1.sys 1503232 bytes
0x88E39000 C:\windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x88A0E000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x92018000 C:\windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (LSI Corporation, SoftModem Device Driver)
0x9370A000 C:\windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x83A32000 C:\windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8EA40000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88C0B000 C:\windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x832FC000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x962A1000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8C860000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83229000 C:\windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x83833000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x92174000 C:\windows\system32\DRIVERS\RTL8187B.sys 413696 bytes (Realtek Semiconductor Corporation , Realtek RTL8187B NDIS Driver)
0x8E21E000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x88B7B000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8C97F000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x98A18000 C:\windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x96370000 C:\windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8EB3B000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83981000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x838B2000 C:\windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x88D25000 C:\windows\system32\DRIVERS\tos_sps32.sys 290816 bytes (TOSHIBA Corporation, tos_sps32)
0x8C81A000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x833A7000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x832BA000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x83BA3000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x88FB3000 C:\windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x88CC2000 C:\windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x96233000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8EAF7000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83029000 ACPI_HAL 225280 bytes
0x83029000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x83B4B000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8E3AC000 C:\windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8E2CF000 C:\windows\system32\DRIVERS\SynTP.sys 208896 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x88D7C000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8C94D000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x88F82000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x936C2000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88E00000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x88B3D000 C:\windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x83923000 C:\windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x88DBF000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x88D00000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x83B15000 C:\windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8C8E5000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8E344000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x96342000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8E2AE000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8DBB9000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8C90C000 C:\windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8EB95000 C:\windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8C9E0000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x82180000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x921E3000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9626E000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x937E4000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8E200000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x936F1000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x98AE0000 C:\Users\NGUYEN~1\AppData\Local\Temp\kgldypob.sys 102400 bytes
0x8E288000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8EBB8000 C:\windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8E321000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8E366000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8E37E000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8E395000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8C92B000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x839CC000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8DB8A000 C:\windows\System32\Drivers\SysLib2.sys 86016 bytes
0x88B68000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x93410000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x83B90000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8E30F000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8E400000 C:\windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x88DAE000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x92158000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x83B7F000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8E3EE000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8394D000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x832A1000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8C800000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x92000000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x88D6C000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x93400000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x88BEF000 C:\windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x83971000 C:\windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8EB86000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8E2A0000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x88DF1000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8DA0B000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x839E9000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x88BD8000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8E3E0000 C:\windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x838A4000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8E302000 C:\windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x92141000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8EBD0000 C:\windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x83916000 C:\windows\system32\DRIVERS\LPCFilter.sys 53248 bytes (COMPAL ELECTRONIC INC., LPCFilter)
0x92134000 C:\windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8EBDF000 C:\windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x96363000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8DBDA000 C:\windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8E27C000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8DBAD000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x83966000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x92169000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8DA00000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E339000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8C942000 C:\windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8EB30000 C:\windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8390B000 C:\windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x9214E000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x83B38000 C:\windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x88A00000 C:\windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x88C00000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x96338000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8EBEC000 C:\windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.)
0x921D9000 C:\windows\System32\drivers\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x83B42000 C:\windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x83B0C000 C:\windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x98B29000 C:\windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x88BE6000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8C811000 C:\windows\system32\DRIVERS\SymIMv.sys 36864 bytes (Symantec Corporation, NDIS 6.0 Filter Driver for Windows Vista)
0x82150000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x838FA000 C:\windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x832B2000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8395E000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x88E2D000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BCC000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x83903000 C:\windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8DBE7000 C:\windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8DBEF000 C:\windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8DBF7000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x88FF7000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8DBA6000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x98B17000 C:\windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x98AD9000 C:\Users\NGUYEN~1\AppData\Local\Temp\mbr.sys 28672 bytes
0x8DB9F000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x839E2000 C:\windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8C9D9000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x98A6A000 C:\windows\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
0x88FF2000 C:\windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8EBB4000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8E412000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8EBDD000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x869A11ED unknown_irp_handler 3603 bytes
==============================================
>Stealth
==============================================
0x869A2A91 Unknown page with executable code, 1391 bytes
0x88FB3000 WARNING: Virus alike driver modification [volsnap.sys], 258048 bytes
0x869A3191 Unknown page with executable code, 3695 bytes
0x869A5E7A Unknown thread object [ ETHREAD 0x86907D48 ] TID: 284, 600 bytes
0x869A8008 Unknown thread object [ ETHREAD 0x86C8A2B0 ] TID: 288, 600 bytes
0x869A7CDC Unknown page with executable code, 804 bytes

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:40 PM

Posted 10 June 2011 - 01:16 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 DragonBlade

DragonBlade
  • Topic Starter

  • Members
  • 12 posts
  • Local time:12:40 PM

Posted 10 June 2011 - 01:53 AM

Combofix says MSE is running, but I do not see it installed, I don't see any processes related to MSE at all, and the system icon isn't there either.

And I still have the Google redirect issue after ComboFix.

ComboFix 11-06-09.06 - Nguyen Ta 06/09/2011 23:35:37.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1103 [GMT -7:00]
Running from: c:\users\Nguyen Ta\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 06:40 . 2011-06-10 06:43 -------- d-----w- c:\users\Nguyen Ta\AppData\Local\temp
2011-06-10 06:40 . 2011-06-10 06:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-06-10 06:40 . 2011-06-10 06:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-10 06:31 . 2011-06-10 06:33 -------- d-----w- C:\32788R22FWJFW
2011-06-05 05:52 . 2011-06-05 05:52 -------- d-----w- c:\users\Nguyen Ta\DoctorWeb
2011-06-05 04:28 . 2011-06-05 04:28 388096 ----a-r- c:\users\Nguyen Ta\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-05 04:28 . 2011-06-05 04:28 -------- d-----w- c:\program files\Trend Micro
2011-06-05 03:42 . 2011-06-05 03:43 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\239055
2011-06-05 03:42 . 2011-06-05 03:43 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\237901
2011-06-05 03:42 . 2011-06-05 03:44 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\237417
2011-06-05 03:42 . 2011-06-05 03:43 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\237807
2011-06-03 02:48 . 2011-06-03 02:48 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\ZoomBrowser EX
2011-06-03 02:48 . 2011-06-03 02:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 02:40 . 2011-06-03 02:40 -------- d-----w- c:\programdata\ZoomBrowser
2011-06-03 02:39 . 2011-06-03 02:41 -------- d-----w- c:\program files\Canon
2011-06-03 02:38 . 2011-06-03 02:38 -------- d-----w- c:\program files\Common Files\Canon
2011-05-28 08:11 . 2011-06-05 04:20 -------- d-----w- c:\program files\Real
2011-05-28 07:59 . 2011-05-28 07:59 -------- d-----w- c:\users\Nguyen Ta\AppData\Local\Ilivid Player
2011-05-25 05:21 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-19 05:12 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-16 18:52 . 2011-06-05 04:15 -------- d-----w- c:\programdata\AVAST Software
2011-05-16 18:52 . 2011-05-16 18:52 -------- d-----w- c:\program files\AVAST Software
2011-05-16 04:19 . 2011-05-16 04:19 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\Yahoo!
2011-05-16 04:00 . 2011-05-16 04:00 -------- d-----w- C:\e
2011-05-16 03:56 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 03:56 . 2011-06-05 04:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-15 20:44 . 2011-04-28 05:57 0 ----a-w- c:\users\Nguyen Ta\AppData\Local\Xwiseviwepasuleb.bin
2011-05-10 06:03 . 2011-05-10 06:03 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-10 06:02 . 2011-05-10 06:03 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-04-18 08:04 . 2011-04-18 08:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-18 08:04 . 2011-04-18 08:04 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-18 08:04 . 2011-04-18 08:04 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-18 08:04 . 2011-04-18 08:04 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-18 08:04 . 2011-04-18 08:04 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-18 08:04 . 2011-04-18 08:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-18 08:04 . 2011-04-18 08:04 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-18 08:04 . 2011-04-18 08:04 367104 ----a-w- c:\windows\system32\html.iec
2011-04-18 08:04 . 2011-04-18 08:04 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-18 08:04 . 2011-04-18 08:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-18 08:04 . 2011-04-18 08:04 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-18 08:04 . 2011-04-18 08:04 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-18 08:04 . 2011-04-18 08:04 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-18 08:04 . 2011-04-18 08:04 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-18 08:04 . 2011-04-18 08:04 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-18 08:04 . 2011-04-18 08:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-18 08:04 . 2011-04-18 08:04 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-18 08:04 . 2011-04-18 08:04 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-18 08:04 . 2011-04-18 08:04 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-18 08:04 . 2011-04-18 08:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-18 08:04 . 2011-04-18 08:04 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-13 05:13 . 2010-02-27 20:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-13 05:13 . 2010-05-19 00:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-12 05:30 . 2010-03-09 07:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-04-12 05:29 . 2010-03-09 06:59 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-12 05:29 . 2010-06-02 22:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-09 06:13 . 2011-05-11 05:19 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 05:19 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-05 08:24 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-25 03:06 . 2011-05-11 05:19 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:06 . 2011-05-11 05:19 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:06 . 2011-05-11 05:19 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:06 . 2011-05-11 05:19 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:06 . 2011-05-11 05:19 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:06 . 2011-05-11 05:19 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:06 . 2011-05-11 05:19 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-03-12 11:31 . 2011-04-27 05:18 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-14 16:26 . 2011-06-05 04:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-07-14 01:14 28672 --sh--r- c:\windows\System32\Setup\zf32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2009-07-16 5458704]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-12 339968]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
.
c:\users\Nguyen Ta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-02-09 102448]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-28 691696]
R4 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-04-08 117288]
R4 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-04-08 117288]
R4 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-04-08 154152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S1 SysLib1;SysLib1;c:\windows\System32\Drivers\SysLib1.sys [2010-03-09 1484288]
S1 SysLib2;SysLib2;c:\windows\System32\Drivers\SysLib2.sys [2010-03-09 44032]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-08-13 376320]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 18:53]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 18:53]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\Nguyen Ta\AppData\Roaming\Mozilla\Firefox\Profiles\o2qkrb6c.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3946389755-2538784782-3990241147-1001\ *& `]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:c5,da,af,66,a3,85,ea,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-06-09 23:47:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-10 06:47
ComboFix2.txt 2011-06-05 08:52
.
Pre-Run: 136,802,922,496 bytes free
Post-Run: 136,757,551,104 bytes free
.
- - End Of File - - 2C8E4005C993BD23280226719FB1B776

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:40 PM

Posted 10 June 2011 - 02:24 AM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 DragonBlade

DragonBlade
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 10 June 2011 - 02:45 AM

TDSSKiller does not start at all. Nothing happens when I double-click it. Same with Run as administrator.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:40 PM

Posted 10 June 2011 - 02:56 AM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review.

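The driver.sh step above produces a report.txt listing every driver in System32\drivers with its MD5 and the CompanyName from its version resource, with drivers lacking a name summarised at the top. The script below is an added example for triaging that report offline, not part of this thread, of driver.sh or of xPUD; it assumes the layout of the report posted later in this thread (timestamp line, "Driver report for" line, "has NO Company Name!" summary lines, then one entry per driver separated by blank lines). The sample report is constructed from a few of those lines (the CDAVFS.sys company line is abridged), and the `baseline` allow-list of hashes is a hypothetical input the caller would take from a known-clean machine.

```python
"""Triage the report.txt written by driver.sh: group drivers by whether they
carry a CompanyName, whether that field is a raw version-resource dump, and
whether their MD5 matches a baseline.  Added example; not part of the thread,
of driver.sh or of xPUD."""
import re

ENTRY_RE = re.compile(r"^(?P<md5>[0-9a-f]{32})\s+(?P<file>\S+)$")
NO_NAME_RE = re.compile(r"^[0-9a-f]{32}\s+\S+\s+has NO Company Name!$")
# When the script cannot isolate the CompanyName string it prints the raw
# PE version resource; these markers identify such lines.
GARBLE_MARKERS = ("StringFileInfo", "VS_VERSION_INFO", "VarFileInfo")


def parse_driver_report(text):
    """Return [{'md5': ..., 'file': ..., 'company': [lines]}] in report order."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None            # a blank line closes the current entry
            continue
        if NO_NAME_RE.match(line):
            continue                  # summary line; the entry itself follows
        m = ENTRY_RE.match(line)
        if m:
            current = {"md5": m.group("md5"), "file": m.group("file"), "company": []}
            entries.append(current)
        elif current is not None:
            current["company"].append(line)
    return entries


def is_garbled(lines):
    """True if any company line is a raw version-resource dump."""
    return any(marker in ln for ln in lines for marker in GARBLE_MARKERS)


def triage(entries, baseline=None):
    """Sort entries into review buckets (lists of file names).

    no_company : no CompanyName resource at all
    garbled    : company field is a raw version-resource dump
    unmatched  : md5 not in `baseline`, a hypothetical set of hashes taken
                 from a known-clean machine (skipped when None)
    """
    buckets = {"no_company": [], "garbled": [], "unmatched": []}
    for e in entries:
        if not e["company"]:
            buckets["no_company"].append(e["file"])
        elif is_garbled(e["company"]):
            buckets["garbled"].append(e["file"])
        if baseline is not None and e["md5"] not in baseline:
            buckets["unmatched"].append(e["file"])
    return buckets


# Constructed sample in the format of the report posted in this thread.
SAMPLE_REPORT = """\
Fri Jun 10 01:44:56 UTC 2011
Driver report for /mnt/sda2/Windows/System32/drivers
b8f458c0471a8fa8688041257b4ad40f fbd.sys has NO Company Name!

fbce2f43185104ae8bf4d32571b19203 1394bus.sys
Microsoft Corporation

18ddfcc4a134b5b75721558ca57636eb CDAVFS.sys
?ba~StringFileInfoZbHCompanyNameCyberDefenderCorp.JFileDescriptionAntivirusDriver

b8f458c0471a8fa8688041257b4ad40f fbd.sys

e817a017f82df2a1f8cfdbda29388b29 fdc.sys
Microsoft Corporation
"""

if __name__ == "__main__":
    entries = parse_driver_report(SAMPLE_REPORT)
    # Hypothetical baseline: hashes of the two Microsoft drivers above.
    clean = {"fbce2f43185104ae8bf4d32571b19203", "e817a017f82df2a1f8cfdbda29388b29"}
    for bucket, files in triage(entries, baseline=clean).items():
        print(f"{bucket}: {files}")
```

The "no_company" bucket is where a helper looks first, since legitimate drivers almost always carry a vendor string; the "garbled" bucket usually just means the version resource was laid out unusually and the vendor name can be read out of the dump by hand; and comparing hashes against a baseline from a clean install of the same Windows build separates patched system drivers from replaced ones.
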
#9 DragonBlade

DragonBlade
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:40 PM

Posted 10 June 2011 - 04:51 AM

Fri Jun 10 01:44:56 UTC 2011
Driver report for /mnt/sda2/Windows/System32/drivers
b8f458c0471a8fa8688041257b4ad40f fbd.sys has NO Company Name!
d08d19ee68cb88ab1bc5da3081505847 snpstd.sys has NO Company Name!
c4f983c764ac5221c5789225bfe7f99e SysLib1.sys has NO Company Name!
23dadc196f59c151bbf59c0462802c98 SysLib2.sys has NO Company Name!
7c28b63e4c9e5c3be7ffe53789593619 volsnap.sys has NO Company Name!

fbce2f43185104ae8bf4d32571b19203 1394bus.sys
Microsoft Corporation

6d2aca41739bfe8cb86ee8e85f29697d 1394ohci.sys
Microsoft Corporation

98d81ca942d19f7d9153b095162ac013 acpipmi.sys
Microsoft Corporation

f0e07d144c8685b8774bc32fc8da4df0 acpi.sys
Microsoft Corporation

21e785ebd7dc90a06391141aac7892fb adp94xx.sys
Adaptec

0c676bc278d5b59ff5abd57bbe9123f2 adpahci.sys
Adaptec

7c7b5ee4b7b822ec85321fe23a27db33 adpu320.sys
Adaptec

ddc040fdb01ef1712a6b13e52afb104c afd.sys
Microsoft Corporation

57ec4aef73660166074d8f7f31c0d4fd agilevpn.sys
Microsoft Corporation

507812c3054c21cef746b6ee3d04dd6e AGP440.sys
Microsoft Corporation

07758c2196a62f207f77556311e7459a AGRSM.sys
LSI Corporation

0d40bcf52ea90fc7df2aeab6503dea44 aliide.sys
Acer Laboratories

3c6600a0696e90a463771c7422e23ab5 AMDAGP.SYS
Microsoft Corporation

cd5914170297126b6266860198d1d4f0 amdide.sys
Microsoft Corporation

00dda200d71bac534bf56a9db5dfd666 amdk8.sys
Microsoft Corporation

3cbf30f5370fda40dd3e87df38ea53b6 amdppm.sys
Microsoft Corporation

19ce906b4cdc11fc4fef5745f33a63b6 amdsata.sys
Advanced Micro Devices

ea43af0c423ff267355f74e7a53bdaba amdsbs.sys
AMD Technologies

869e67d66be326a5a9159fba8746fa70 amdxata.sys
Advanced Micro Devices

feb834c02ce1e84b6a38f953ca067706 appid.sys
Microsoft Corporation

5d6f36c46fd283ae1b57bd2e9feb0bc7 arcsas.sys
Adaptec

2932004f49677bd84dbc72edb754ffb3 arc.sys
Adaptec

add2ade1c2b285ab8378d2daaf991481 asyncmac.sys
Microsoft Corporation

338c86357871c167a96ab976519bf59e atapi.sys
Microsoft Corporation

bca15585efdde7eba8568bdfb75983a3 ataport.sys
Microsoft Corporation

bd8869eb9cde6bbe4508d869929869ee b57nd60x.sys
Broadcom Corporation

2b8ee031fd700ab942ebe60665440e83 battc.sys
Microsoft Corporation

505506526a9d467307b3c393dedaf858 beep.sys
Microsoft Corporation

2287078ed48fcfc477b05b20cf38f36f blbdrive.sys
Microsoft Corporation

9a5c671b7fbae4865149bb11f59b91b2 bowser.sys
Microsoft Corporation

9f9acc7f7ccde8a15c282d3f88b43309 BrFiltLo.sys
Brother Industries

56801ad62213a41f6497f96dee83755a BrFiltUp.sys
Brother Industries

77361d72a04f18809d0efb6cceb74d4b bridge.sys
Microsoft Corporation

845b8ce732e67f3b4133164868c666ea BrSerId.sys
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries

203f0b1e73adadbbb7b7b1fabd901f6b BrSerWdm.sys
Brother Industries

bd456606156ba17e60a04e18016ae54b BrUsbMdm.sys
Brother Industries

af72ed54503f717a43268b3cc5faec2e BrUsbSer.sys
Brother Industries

ed3df7c56ce0084eb2034432fc56565a bthmodem.sys
Microsoft Corporation

1a231abec60fd316ec54c66715543cec bxvbdx.sys
Broadcom Corporation

18ddfcc4a134b5b75721558ca57636eb CDAVFS.sys
?ba~StringFileInfoZbHCompanyNameCyberDefenderCorp.JFileDescriptionAntivirusDriver>FileVersion,,,vInternalNameCDAVFS.sysr'LegalCopyrightCopyright©CyberDefenderCorp.>vOriginalFilenameCDAVFS.sys@ProductNameCybDefAVDriverBProductVersion,,,DVarFileInfo$Translationt

77ea11b065e0a8ab902d78145ca51e10 cdfs.sys
Microsoft Corporation

ba6e70aa0e6091bc39de29477d866a77 cdrom.sys
Microsoft Corporation

3fe3fe94a34df6fb06e6418d0f6a0060 circlass.sys
Microsoft Corporation

a6388a5abf92c7927c085db0a958125f Classpnp.sys
Microsoft Corporation

dea805815e587dad1dd2c502220b5616 CmBatt.sys
Microsoft Corporation

c537b1db64d495b9b4717b4d6d9edbf2 cmdide.sys
CMD Technology

1b675691ed940766149c93e8f4488d68 cng.sys
Microsoft Corporation

a6023d3823c37043986713f118a89bee compbatt.sys
Microsoft Corporation

f1724ba27e97d627f808fb0ba77a28a6 CompositeBus.sys
Microsoft Corporation

b7efef22ff426ec4158a177cb3b558d3 crashdmp.sys
Microsoft Corporation

2c4ebcfc84a9b44f209dff6c6e6c61d1 crcdisk.sys
Microsoft Corporation

8e09e52ee2e3ceb199ef3dd99cf9e3fb dfsc.sys
Microsoft Corporation

1a050b0274bfb3890703d490f330c0da discache.sys
Microsoft Corporation

c78ea24ce267eaa6bf67caaeb11c0520 Diskdump.sys
Microsoft Corporation

565003f326f99802e68ca78f2a68e9ff disk.sys
Microsoft Corporation

8b30250d573a8f6b4bd23195160d8707 djsvs.sys
Adaptec

b918e7c5f9bf77202f89e1a9539f2eb4 drmkaud.sys
Microsoft Corporation

27f9288af019e6daca281ede51ff5928 drmk.sys
Microsoft Corporation

5428227d4730ebdfc842e9fb593f8c8a Dumpata.sys
Microsoft Corporation

62a63ef2f3053b461cb327e4d69aaa74 dumpfve.sys
Microsoft Corporation

5fcd3320aae71506b43f9e12e4e72172 dxapi.sys
Microsoft Corporation

1679a4669326cb1a67cc95658d273234 dxgkrnl.sys
Microsoft Corporation

cf519d46e5b8bde8d7ba981ba9a174cd dxgmms1.sys
Microsoft Corporation

1b6242b20cb56f85a158e67f09ee84fe dxg.sys
Microsoft Corporation

0ed67910c8c326796faa00b2bf6d9d3c elxstor.sys
Emulex

8fc3208352dd3912c94367a206ab3f11 errdev.sys
Microsoft Corporation

024e1b5cac09731e4d868e64dbfb4ab0 evbdx.sys
Broadcom Corporation

2dc9108d74081149cc8b651d3a26207f exfat.sys
Microsoft Corporation

7e0ab74553476622fb6ae36f73d97d35 fastfat.sys
Microsoft Corporation

b8f458c0471a8fa8688041257b4ad40f fbd.sys

e817a017f82df2a1f8cfdbda29388b29 fdc.sys
Microsoft Corporation

6cf00369c97f3cf563be99be983d13d8 fileinfo.sys
Microsoft Corporation

42c51dc94c91da21cb9196eb64c45db9 filetrace.sys
Microsoft Corporation

87907aa70cb3c56600f1c2fb8841579b flpydisk.sys
Microsoft Corporation

7520ec808e0c35e0ee6f841294316653 fltMgr.sys
Microsoft Corporation

1a16b57943853e598cff37fe2b8cbf1d fsdepends.sys
Microsoft Corporation

a574b4360e438977038aae4bf60d79a2 fs_rec.sys
Microsoft Corporation

d909075fa72c090f27aa926c32cb4612 fssfltr.sys
Microsoft Corporation

dafbd9fe39197495aed6d51f3b85b5d2 fvevol.sys
Microsoft Corporation

5a50439aac7bb7763237a88f0f3a337f FWPKCLNT.SYS
Microsoft Corporation

65ee0c7a58b65e74ae05637418153938 GAGP30KX.SYS
Microsoft Corporation

c44e3c2bab6837db337ddee7544736db hcw85cir.sys
Hauppauge Computer Works

717a2207fd6f13ad3e664c7d5a43c7bf hdaudbus.sys
Microsoft Corporation

3530cad25deba7dc7de8bb51632cbc5f HdAudio.sys
Microsoft Corporation

1d58a7f3e11a9731d0eaaaa8405acc36 hidbatt.sys
Microsoft Corporation

89448f40e6df260c206a193a4683ba78 hidbth.sys
Microsoft Corporation

b682e1cc0fdc7ac04b71d1fa9a07ef21 hidclass.sys
Microsoft Corporation

cf50b4cf4a4f229b9f3c08351f99ca5e hidir.sys
Microsoft Corporation

6c26122f1931d4d7810240f32ddce890 hidparse.sys
Microsoft Corporation

25072fb35ac90b25f9e4e3bacf774102 hidusb.sys
Microsoft Corporation

295fdc419039090eb8b49ffdbb374549 HpSAMD.sys
Hewlett-Packard

c531c7fd9e8b62021112787c4e2c5a5a http.sys
Microsoft Corporation

8305f33cde89ad6c7a0763ed0b5a8d42 hwpolicy.sys
Microsoft Corporation

f151f0bdc47f4a28b1b20a0818ea36d6 i8042prt.sys
Microsoft Corporation

d483687eace0c065ee772481a96e05f5 iaStor.sys
Intel Corporation

71f1a494fedf4b33c02c4a6a28d6d9e9 iaStorV.sys
Intel Corporation

315aaaa2bc9bc778adc0454b3ca8dcce igdkmd32.sys
Intel Corporation

4173ff5708f3236cf25195fecd742915 iirsp.sys
Intel Corp

a0f12f2c9ba6c72f3987ce780e77c130 intelide.sys
Microsoft Corporation

3b514d27bfc4accb4037bc6685f766e0 intelppm.sys
Microsoft Corporation

709d1761d3b19a932ff0238ea6d50200 ipfltdrv.sys
Microsoft Corporation

e4454b6c37d7ffd5649611f6496308a7 IPMIDrv.sys
Microsoft Corporation

a5fa468d67abcdaa36264e463a7bb0cd ipnat.sys
Microsoft Corporation

9f7e491fb0ba0f9e370163834fc1fe31 irda.sys
Microsoft Corporation

42996cff20a3084a56017b7902307e9f irenum.sys
Microsoft Corporation

1f32bb6b38f62f7df1a7ab7292638a35 isapnp.sys
Microsoft Corporation

adef52ca1aeae82b50df86b56413107e kbdclass.sys
Microsoft Corporation

3d9f0ebf350edcfd6498057301455964 kbdhid.sys
Microsoft Corporation

e36a061ec11b373826905b21be10948f ksecdd.sys
Microsoft Corporation

365c6154bbbc5377173f1ca7bfb6cc59 ksecpkg.sys
Microsoft Corporation

9e79e2354301783d5e0d48411c2a7466 ks.sys
Microsoft Corporation

f7611ec07349979da9b0ae1f18ccc7a6 lltdio.sys
Microsoft Corporation

6e3d3816749e107883eec5734ce44493 LPCFilter.sys
tH`VS_VERSION_INFOnn?StringFileInfobCommentsNCompanyNameCOMPALELECTRONICINC.<nFileDescriptionLPCFilter:rFileVersion,,,nInternalNameLPCFilterLegalCopyrightCopyright©CompalElectronics,INC.-(LegalTrademarksDOriginalFilenameLPCFilter.sysPrivateBuildProductName>rProductVersion,,,SpecialBuildDVarFileInfo$Translationt

eb119a53ccf2acc000ac71b065b78fef lsi_fc.sys
LSI Corporation

dc9dc3d3daa0e276fd2ec262e38b11e9 lsi_sas2.sys
LSI Corporation

8ade1c877256a22e49b75d1cc9161f9c lsi_sas.sys
LSI Corporation

0a036c7d7cab643a7f07135ac47e0524 lsi_scsi.sys
LSI Corporation

6703e366cc18d3b6e534f5cf7df39cee luafv.sys
Microsoft Corporation

1a7db7a00a4b0d8da24cd691a4547291 LVPr2Mon.sys
Logitech
?StringFileInfoBFCompanyNameLogicoolCo.,Ltd.XFileDescriptionLogicoolProcMonDriver:rFileVersion...:rInternalNameLVPrMon.sys.LegalCopyright©-Logicool.Allrightsreserved.BrOriginalFilenameLVPrMon.sysRProductNameLogicoolWebcamSoftware>rProductVersion...DVarFileInfo$Translation&

a240e42a7402e927a71b6e8aa4629b13 lvuvc.sys
Logitech
?StringFileInfoBFCompanyNameLogicoolCo.,Ltd.hFileDescriptionLogicoolUSBVideoClassDriver:rFileVersion...nInternalNamelvuvc.sys.LegalCopyright©-Logicool.Allrightsreserved.<nOriginalFilenamelvuvc.sysRProductNameLogicoolWebcamSoftware>rProductVersion...DVarFileInfo$Translation%

b309912717c29fc67e1ba4730a82b6dd mbamswissarmy.sys
Malwarebytes Corporation

ef08d2ebe3eabba43cc57eee001027b6 mcd.sys
Microsoft Corporation

0fff5b045293002ab38eb1fd1fc2fb74 megasas.sys
LSI Corporation

dcbab2920c75f390caf1d29f675d03d6 MegaSR.sys
LSI Corporation

f001861e5700ee84e2d4e52c712f4964 modem.sys
Microsoft Corporation

79d10964de86b292320e9dfe02282a23 monitor.sys
Microsoft Corporation

fb18cc1d4c2e716b6b903b0ac0cc0609 mouclass.sys
Microsoft Corporation

2c388d2cd01c9042596cf3c8f3c7b24d mouhid.sys
Microsoft Corporation

921c18727c5920d6c0300736646931c2 mountmgr.sys
Microsoft Corporation

2af5997438c55fb79d33d015c30e1974 mpio.sys
Microsoft Corporation

ad2723a7b53dd1aacae6ad8c0bfbf4d0 mpsdrv.sys
Microsoft Corporation

b1be47008d20e43da3adc37c24cdb89d mrxdav.sys
Microsoft Corporation

e593d45024a3fdd11e93cc4a6ca91101 mrxsmb10.sys
Microsoft Corporation

a9f86c82c9cc3b679cc3957e1183a30f mrxsmb20.sys
Microsoft Corporation

b4c76ef46322a9711c7b0f4e21ef6ea5 mrxsmb.sys
Microsoft Corporation

4326d168944123f38dd3b2d9c37a0b12 msahci.sys
Microsoft Corporation

455029c7174a2dbb03dba8a0d8bddd9a msdsm.sys
Microsoft Corporation

daefb28e3af5a76abcc2c3078c07327f msfs.sys
Microsoft Corporation

3e1e5767043c5af9367f0056295e9f84 mshidkmdf.sys
Microsoft Corporation

0a4e5757ae09fa9622e3158cc1aef114 msisadrv.sys
Microsoft Corporation

ed46c223ae46c6866ab77cdc41c404b7 msiscsi.sys
Microsoft Corporation

8c0860d6366aaffb6c5bb9df9448e631 mskssrv.sys
Microsoft Corporation

3ea8b949f963562cedbb549eac0c11ce mspclock.sys
Microsoft Corporation

f456e973590d663b1073e9c463b40932 mspqm.sys
Microsoft Corporation

0e008fc4819d238c51d7c93e7b41e560 msrpc.sys
Microsoft Corporation

fc6b9ff600cc585ea38b12589bd4e246 mssmbios.sys
Microsoft Corporation

b42c6b921f61a6e55159b8be6cd54a36 mstee.sys
Microsoft Corporation

33599130f44e1f34631cea241de8ac84 MTConfig.sys
Microsoft Corporation

159fad02f64e6381758c990f753bcc80 mup.sys
Microsoft Corporation

0e1787aa6c9191d3d319e8bafe86f80c ndiscap.sys
Microsoft Corporation

23759d175a0a9baaf04d05047bc135a8 ndis.sys
Microsoft Corporation

e4a8aec125a2e43a9e32afeea7c9c888 ndistapi.sys
Microsoft Corporation

b30ae7f2b6d7e343b0df32e6c08fce75 ndisuio.sys
Microsoft Corporation

267c415eadcbe53c9ca873dee39cf3a4 ndiswan.sys
Microsoft Corporation

af7e7c63dcef3f8772726f86039d6eb4 ndproxy.sys
Microsoft Corporation

80b275b1ce3b0e79909db7b39af74d51 netbios.sys
Microsoft Corporation

dd52a733bf4ca5af84562a5e2f963b91 netbt.sys
Microsoft Corporation

f9af5386a27b2b9dbc5a0c990a9020fe netio.sys
Microsoft Corporation

1d85c4b390b0ee09c7a46b91efb2c097 nfrd960.sys
IBM Corp

1db262a9f8c087e8153d89bef3d2235f npfs.sys
Microsoft Corporation

e9a0a4d07e53d8fea2bb8387a3293c58 nsiproxy.sys
Microsoft Corporation

187002ce05693c306f43c873f821381f ntfs.sys
Microsoft Corporation

f9756a98d69098dca8945d62858a812c null.sys
Microsoft Corporation

5a0983915f02bae73267cc2a041f717d NV_AGP.SYS
Microsoft Corporation

f1b0bed906f97e16f6d0c3629d2f21c6 nvraid.sys
NVIDIA Corporation

4520b63899e867f354ee012d34e11536 nvstor.sys
NVIDIA Corporation

26384429fcd85d83746f63e798ab1480 nwifi.sys
Microsoft Corporation

08a70a1f2cdde9bb49b885cb817a66eb ohci1394.sys
Microsoft Corporation

6270ccae2a86de6d146529fe55b3246a pacer.sys
Microsoft Corporation

2ea877ed5dd9713c5ac74e8ea7348d14 parport.sys
Microsoft Corporation

ff4218952b51de44fe910953a3e686b9 partmgr.sys
Microsoft Corporation

eb0a59f29c19b86479d36b35983daadc parvdm.sys
Microsoft Corporation

afe86f419014db4e5593f69ffe26ce0a pciide.sys
Microsoft Corporation

ede040d666ff81bf1978d0f19f799e7a pciidex.sys
Microsoft Corporation

c858cb77c577780ecc456a892e7e7d0f pci.sys
Microsoft Corporation

f396431b31693e71e8a80687ef523506 pcmcia.sys
Microsoft Corporation

250f6b43d2b613172035c6747aeeb19f pcw.sys
Microsoft Corporation

9e0104ba49f4e6973749a02bf41344ed PEAuth.sys
Microsoft Corporation

d72708c9f49500c13d7d067e169b7715 portcls.sys
Microsoft Corporation

85b1e3a0c7585bc4aae6899ec6fcf011 processr.sys
Microsoft Corporation

ab95ecf1f6659a60ddc166d8315b0751 ql2300.sys
QLogic Corporation

b4dd51dd25182244b86737dc51af2270 ql40xx.sys
QLogic Corporation

584078ca1b95ca72df2a27c336f9719d qwavedrv.sys
Microsoft Corporation

30a81b53c766d0133bb86d234e5556ab rasacd.sys
Microsoft Corporation

d9f91eafec2815365cbe6d167e4e332a rasl2tp.sys
Microsoft Corporation

0fe8b15916307a6ac12bfb6a63e45507 raspppoe.sys
Microsoft Corporation

631e3e205ad6d86f2aed6a4a8e69f2db raspptp.sys
Microsoft Corporation

44101f495a83ea6401d886e7fd70096b rassstp.sys
Microsoft Corporation

835d7e81bf517a3b72384bdcc85e1ce6 rdbss.sys
Microsoft Corporation

0d8f05481cb76e70e1da06ee9f0da9df rdpbus.sys
Microsoft Corporation

1e016846895b15a99f9a176a05029075 RDPCDD.sys
Microsoft Corporation

5a53ca1598dd4156d44196d200c94b8a RDPENCDD.sys
Microsoft Corporation

44b0a53cd4f27d50ed461dae0c0b4e1f RDPREFMP.sys
Microsoft Corporation

801371ba9782282892d00aadb08ee367 rdpwd.sys
Microsoft Corporation

4ea225bf1cf05e158853f30a99ca29a7 rdyboost.sys
Microsoft Corporation

b4090006a82eeb608c358ab5d37de85a rmcast.sys
Microsoft Corporation

7400cfab5cf36f2294e80b3f3bda3ebc RNDISMP.sys
Microsoft Corporation

564297827d213f52c7a3a2ff749568ca rootmdm.sys
Microsoft Corporation

032b0d36ad92b582d869879f5af5b928 rspndr.sys
Microsoft Corporation

26a9d6227d12b9d9da5a81bb9b55d810 Rt86win7.sys
?bStringFileInfoBCompanyNameRealtek*

e4a2e810cb2607c9c159c0dfb0bd4c88 RTKVHDA.sys
Realtek Semiconductor

0a804a2375b99419d13821b451651856 RTL8187B.sys
Realtek Semiconductor

34ee0c44b724e3e4ce2eff29126de5b5 sbp2port.sys
Microsoft Corporation

a95c54b2ac3cc9c73fcdf9e51a1d6b51 scfilter.sys
Microsoft Corporation

f9882099e58ecf8b0e1c7afa5d2cc56d scsiport.sys
Microsoft Corporation

90a3935d05b494a5a39d37e71f09a677 secdrv.sys
Macrovision Corporation

9ad8b8b515e3df6acd4212ef465de2d1 serenum.sys
Microsoft Corporation

5fb7fcea0490d821f26f39cc5ea3d1e2 serial.sys
Microsoft Corporation

79bffb520327ff916a582dfea17aa813 sermouse.sys
Microsoft Corporation

9f976e1eb233df46fce808d9dea3eb9c sffdisk.sys
Microsoft Corporation

932a68ee27833cfd57c1639d375f2731 sffp_mmc.sys
Microsoft Corporation

4f1e5b0fe7c8050668dbfade8999aefb sffp_sd.sys
Microsoft Corporation

db96666cc8312ebc45032f30b007a547 sfloppy.sys
Microsoft Corporation

2565cac0dc9fe0371bdce60832582b2e SISAGP.SYS
Microsoft Corporation

a9f0486851becb6dda1d89d381e71055 sisraid2.sys
Silicon Integrated Systems

3727097b55738e2f554972c3be5bc1aa sisraid4.sys
Silicon Integrated Systems

3e21c083b8a01cb70ba1f09303010fce smb.sys
Microsoft Corporation

2e467e6ca8e0a140c08011844c0d3936 smclib.sys
Microsoft Corporation

d08d19ee68cb88ab1bc5da3081505847 snpstd.sys

95cf1ae7527fb70f7816563cbc09d942 spldr.sys
Microsoft Corporation

d16d818e9930a6e5b4f6476dd0998d1a spsys.sys
Microsoft Corporation

cdddec541bc3c96f91ecb48759673505 sptd.sys
Duplex Secure

14c44875518ae1c982e54ea8c5f7fe28 srv2.sys
Microsoft Corporation

07a14223b0a50e76ade003fdf95d4fec srvnet.sys
Microsoft Corporation

4a9b0f215de2519e2363f91df25c1e97 srv.sys
Microsoft Corporation

df5c19f053eff7f8ba25d73aea899656 ssm_bus.sys
MCCI SAMSUNG

a2c7705a4745a60b875f931860df3557 ssm_cmnt.sys
MCCI SAMSUNG

a2c7705a4745a60b875f931860df3557 ssm_cm.sys
MCCI SAMSUNG

5347169fa449eabc4d0728ae39fab926 ssm_mdfl.sys
MCCI SAMSUNG

7aae23dd105eed15c4f45fc269fa42a9 ssm_mdm.sys
MCCI SAMSUNG

5f4d52b9c1a7312598d88cbaecb3fc70 ssm_whnt.sys
MCCI SAMSUNG

5f4d52b9c1a7312598d88cbaecb3fc70 ssm_wh.sys
MCCI SAMSUNG

db32d325c192b801df274bfd12a7e72b stexstor.sys
Promise Technology

32c8e15e6f1ef98949a96451d42cec70 storport.sys
Microsoft Corporation

45b44fc9e5ac0db02b19d515ee809de5 stream.sys
Microsoft Corporation

e58c78a848add9610a4db6d214af5224 swenum.sys
Microsoft Corporation

34f1c9d5dcc19df1e824d6b73767b8af SymIMV.sys
Symantec Corporation

8bd10dc8809dc69a1c5a795cb10add76 SynTP.sys
Synaptics

c4f983c764ac5221c5789225bfe7f99e SysLib1.sys

23dadc196f59c151bbf59c0462802c98 SysLib2.sys

949c35bf4ae6c110a924ab5e2175dda7 tape.sys
Microsoft Corporation

e64444523add154f86567c469bc0b17f tcpipreg.sys
Microsoft Corporation

bb7f39c31c4a4417fd318e7cd184e225 tcpip.sys
Microsoft Corporation

4084ea00d50c858d6f9038f86ae2e2d0 tdcmdpst.sys
Toshiba Corporation

52639c994fe3cd975bfe7428b939b320 tdi.sys
Microsoft Corporation

1875c1490d99e70e449e3afae9fcbadf tdpipe.sys
Microsoft Corporation

7551e91ea999ee9a8e9c331d5a9c31f3 tdtcp.sys
Microsoft Corporation

cb39e896a2a83702d1737bfd402b3542 tdx.sys
Microsoft Corporation

c36f41ee20e6999dbf4b0425963268a5 termdd.sys
Microsoft Corporation

969377943fe7284609babbab4e06b93c tos_sps32.sys
Toshiba Corporation

98ae6fa07d12cb4ec5cf4a9bfa5f4242 tssecsrv.sys
Microsoft Corporation

3e461d890a97f9d4c168f5fda36e1d00 tunnel.sys
Microsoft Corporation

fc24015b4052600c324c43e3a79c0664 TVALZ_O.SYS
Toshiba Corporation

750fbcb269f4d7dd2e420c56b795db6d UAGP35.SYS
Microsoft Corporation

09cc3e16f8e5ee7168e01cf8fcbe061a udfs.sys
Microsoft Corporation

44e8048ace47befbfdc2e9be4cbc8880 ULIAGPKX.SYS
Microsoft Corporation

049b3a50b3d646baeeee9eec9b0668dc umbus.sys
Microsoft Corporation

7550ad0c6998ba1cb4843e920ee0feac umpass.sys
Microsoft Corporation

b71da871254d96d0349639d03e4c1cc1 usb8023.sys
Microsoft Corporation

2190f65ec7e9ae7a301e01e4261acef8 USBCAMD2.sys
Microsoft Corporation

47d88f155eb4e4be60ebd76ac8d17db7 USBCAMD.sys
Microsoft Corporation

c31ae588e403042632dc796cf09e30b0 usbccgp.sys
Microsoft Corporation

04ec7cec62ec3b6d9354eee93327fc82 usbcir.sys
Microsoft Corporation

675c1d745f68343f372897f761f999e3 usbd.sys
Microsoft Corporation

e4c436d914768ce965d5e659ba7eebd8 usbehci.sys
Microsoft Corporation

bdcd7156ec37448f08633fd899823620 usbhub.sys
Microsoft Corporation

eb2d819a639015253c871cda09d91d58 usbohci.sys
Microsoft Corporation

3d0074a19d16a9944be32ee1ffbbb554 usbport.sys
Microsoft Corporation

797d862fe0875e75c7cc4c1ad7b30252 usbprint.sys
Microsoft Corporation

fb9f340ecacdaeb939372cc543e72c6d usbrpm.sys
Microsoft Corporation

1c4287739a93594e57e2a9e6a3ed7353 USBSTOR.SYS
Microsoft Corporation

22480bf4e5a09192e5e30ba4dde79fa4 usbuhci.sys
Microsoft Corporation

a059c4c3edb09e07d21a8e5c0aabd3cb vdrvroot.sys
Microsoft Corporation

17c408214ea61696cec9c66e388b14f3 vgapnp.sys
Microsoft Corporation

8e38096ad5c8570a6f1570a61e251561 vga.sys
Microsoft Corporation

3be6e1f3a4f1afec8cee0d7883f93583 vhdmp.sys
Microsoft Corporation

c829317a37b4bea8f39735d4b076e923 VIAAGP.SYS
Microsoft Corporation

e02f079a6aa107f06b16549c6e5c7b74 viac7.sys
Microsoft Corporation

e43574f6a56a0ee11809b48c09e4fd3c viaide.sys
VIA Technologies

15c126d1b55814b9e5cab10a9c1f4c67 videoprt.sys
Microsoft Corporation

384e5a2aa49934295171e499f86ba6f3 volmgr.sys
Microsoft Corporation

b5bb72067ddddbbfb04b2f89ff8c3c87 volmgrx.sys
Microsoft Corporation

7c28b63e4c9e5c3be7ffe53789593619 volsnap.sys

9dfa0cc2f8855a04816729651175b631 vsmraid.sys
VIA Technologies

90567b1e658001e79d7c8bbd3dde5aa6 vwifibus.sys
Microsoft Corporation

7090d3436eeb4e7da3373090a23448f7 vwififlt.sys
Microsoft Corporation

a3f04cbea6c2a10e6cb01f8b47611882 vwifimp.sys
Microsoft Corporation

de3721e89c653aa281428c8a69745d90 wacompen.sys
Microsoft Corporation

692a712062146e96d28ba0b7d75de31b wanarp.sys
Microsoft Corporation

cb45a417c8ef7ba6bac67edcdded8700 watchdog.sys
Microsoft Corporation

9950e3d0f08141c7e89e64456ae7dc73 Wdf01000.sys
Microsoft Corporation

fe7a7675c26fe936226641ef32ae9bb5 WdfLdr.sys
Microsoft Corporation

1112a9badacb47b7c0bb0392e3158dff wd.sys
Microsoft Corporation

8b9a943f3b53861f2bfaf6c186168f79 wfplwf.sys
Microsoft Corporation

5cf95b35e59e2a38023836fff31be64c wimmount.sys
Microsoft Corporation

0217679b8fca58714c3bf2726d2ca84e wmiacpi.sys
Microsoft Corporation

9a5b1059fe015db5269fbb25acbf841d wmilib.sys
Microsoft Corporation

6db3276587b853bf886b69528fdb048c ws2ifsl.sys
Microsoft Corporation

6f9b6c0c93232cff47d0f72d6db1d21e WUDFPf.sys
Microsoft Corporation

f91ff1e51fca30b3c3981db7d5924252 WUDFRd.sys
Microsoft Corporation

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2011 - 05:02 AM

  • Boot the computer with the USB drive again.
  • Click on File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see driver.sh.
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    fbd.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • After the search is completed type Exit
  • After it has finished a report will be located in the USB drive as filefind.txt
  • Please post it for my review

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 DragonBlade

DragonBlade
  • Topic Starter

  • Members
  • 12 posts

Posted 10 June 2011 - 05:23 AM

Search results for fbd.sys

b8f458c0471a8fa8688041257b4ad40f /mnt/sda2/Windows/System32/drivers/fbd.sys
13 Jan 7 2010


Search results for volsnap.sys

7c28b63e4c9e5c3be7ffe53789593619 /mnt/sda2/Windows/System32/drivers/volsnap.sys
239.6K Jul 14 2009

58df9d2481a56edde167e51b334d44fd /mnt/sda2/Windows/System32/DriverStore/FileRepository/volume.inf_x86_neutral_29364d30156a24ca/volsnap.sys
239.6K Jul 14 2009

58df9d2481a56edde167e51b334d44fd /mnt/sda2/Windows/winsxs/x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e/volsnap.sys
239.6K Jul 14 2009

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2011 - 07:09 AM

Hello

I want you to boot back into the USB drive.

Navigate to this file - /mnt/sda2/Windows/System32/DriverStore/FileRepository/volume.inf_x86_neutral_29364d30156a24ca/volsnap.sys - right click on it and select copy.

Now I want you to navigate to this file - /mnt/sda2/Windows/System32/drivers/volsnap.sys - right click on this file, select rename, and rename it to volsnap.old.

Right click anywhere in the drivers folder and select paste.

Remove the USB and restart the computer.

Rerun ComboFix for me now, send me the report, and let me know how the computer is doing.

gringo
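
What the driver.sh results in #11 show, and why the file swap in #12 works, as an added example that is not part of the thread and is not gringo's driver.sh: Windows keeps pristine copies of its in-box drivers under System32\DriverStore\FileRepository and WinSxS, so when the copy actually loaded from System32\drivers has the same size and timestamp as those copies but a different hash, the loaded file has been modified in place. The script below, written for this page, walks a mounted system partition (the /mnt/sda2 of the live USB) the same way, hashes every copy of a named driver, classifies the loaded one, and names the reference copy to restore from. The build_demo_tree() helper constructs a fake layout with made-up bytes so the script runs without a Windows disk; the fake file contents, the demo directory names and the verdict labels are this example's own.

```python
"""Cross-check the loaded copy of a Windows driver against the pristine
copies Windows keeps in DriverStore\\FileRepository and WinSxS.

Added example for this page; not the thread's driver.sh. Run from a Linux
live USB with the system partition mounted, e.g.:
    python3 driver_xcheck.py /mnt/sda2 volsnap.sys
"""
import hashlib
import os
import sys
import tempfile
import time
from pathlib import Path


def file_digest(path, algo="md5"):
    """Hash a file in chunks. MD5 matches the driver.sh output in the thread;
    use sha256 when submitting the value to a reputation service."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, name):
    """Case-insensitive search for every file called `name` under root
    (NTFS is case-insensitive, the Linux mount is not)."""
    target = name.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(Path(dirpath) / f for f in files if f.lower() == target)
    return sorted(hits)


def classify(path, root):
    """Which of the known locations a copy lives in."""
    rel = "/" + path.relative_to(root).as_posix().lower()
    if "/driverstore/filerepository/" in rel:
        return "driverstore"
    if "/winsxs/" in rel:
        return "winsxs"
    if rel.endswith("/system32/drivers/" + path.name.lower()):
        return "loaded"
    return "other"


def compare_driver(root, name):
    """Hash every copy of `name` under root and judge the loaded one.

    Verdicts: 'clean' (loaded copy matches a reference copy),
    'patched-in-place' (differs from the references but one of them has the
    same size, the pattern in the thread), 'mismatch' (differs in size too;
    a genuine hotfix normally leaves a matching copy in WinSxS, so treat this
    as a lead rather than proof), 'no-reference' or 'no-loaded-copy'."""
    copies = []
    for p in find_copies(root, name):
        st = p.stat()
        copies.append({
            "path": str(p),
            "role": classify(p, root),
            "md5": file_digest(p),
            "size": st.st_size,
            "mtime": time.strftime("%Y-%m-%d %H:%M", time.gmtime(st.st_mtime)),
        })
    loaded = [c for c in copies if c["role"] == "loaded"]
    refs = [c for c in copies if c["role"] in ("driverstore", "winsxs")]
    if not loaded:
        verdict = "no-loaded-copy"
    elif not refs:
        verdict = "no-reference"
    elif loaded[0]["md5"] in {c["md5"] for c in refs}:
        verdict = "clean"
    elif any(c["size"] == loaded[0]["size"] for c in refs):
        verdict = "patched-in-place"
    else:
        verdict = "mismatch"
    return {"verdict": verdict, "copies": copies,
            "restore_from": refs[0]["path"] if refs else None}


def build_demo_tree(patched=True):
    """Constructed sample layout, not a real Windows install: a fake
    volsnap.sys in the three places Windows keeps it, with the loaded copy
    altered by four bytes so its size is unchanged (as in the thread)."""
    root = tempfile.mkdtemp(prefix="fakewin_")
    clean = b"MZ" + b"\x00" * 30 + b"fake volsnap.sys image" + b"\x00" * 200
    bad = clean[:40] + b"HOOK" + clean[44:]
    layout = {
        "Windows/System32/drivers/volsnap.sys": bad if patched else clean,
        "Windows/System32/DriverStore/FileRepository/volume.inf_demo/volsnap.sys": clean,
        "Windows/winsxs/x86_volume.inf_demo/volsnap.sys": clean,
    }
    for rel, data in layout.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


if __name__ == "__main__":
    if len(sys.argv) == 3:
        root, name = sys.argv[1], sys.argv[2]
    else:                      # no arguments: run against the constructed tree
        root, name = build_demo_tree(), "volsnap.sys"
    result = compare_driver(root, name)
    for c in result["copies"]:
        print(f"{c['md5']}  {c['size']:>8}  {c['mtime']}  {c['role']:<11} {c['path']}")
    print("verdict:", result["verdict"], "| restore from:", result["restore_from"])
```

A matching hash against the DriverStore or WinSxS copy is the strong signal; the blank company-name field the driver listing above shows for volsnap.sys (every other Microsoft driver carries "Microsoft Corporation") is the weaker corroborating one. Once the reference copy is put back, rerun the check to confirm the verdict flips to clean.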

#13 DragonBlade

DragonBlade
  • Topic Starter

  • Members
  • 12 posts

Posted 10 June 2011 - 07:40 AM

Did a few tests and so far, no redirects. Thank you so much!


ComboFix 11-06-10.02 - Nguyen Ta 06/10/2011 5:27.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1106 [GMT -7:00]
Running from: c:\users\Nguyen Ta\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 12:32 . 2011-06-10 12:35 -------- d-----w- c:\users\Nguyen Ta\AppData\Local\temp
2011-06-10 12:32 . 2011-06-10 12:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-06-10 12:32 . 2011-06-10 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-10 05:18 . 2009-07-14 01:19 245328 ------w- c:\windows\system32\drivers\volsnap.sys
2011-06-05 05:52 . 2011-06-05 05:52 -------- d-----w- c:\users\Nguyen Ta\DoctorWeb
2011-06-05 04:28 . 2011-06-05 04:28 388096 ----a-r- c:\users\Nguyen Ta\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-05 04:28 . 2011-06-05 04:28 -------- d-----w- c:\program files\Trend Micro
2011-06-05 03:42 . 2011-06-05 03:43 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\239055
2011-06-05 03:42 . 2011-06-05 03:43 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\237901
2011-06-05 03:42 . 2011-06-05 03:44 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\237417
2011-06-05 03:42 . 2011-06-05 03:43 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\237807
2011-06-03 02:48 . 2011-06-03 02:48 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\ZoomBrowser EX
2011-06-03 02:48 . 2011-06-03 02:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 02:40 . 2011-06-03 02:40 -------- d-----w- c:\programdata\ZoomBrowser
2011-06-03 02:39 . 2011-06-03 02:41 -------- d-----w- c:\program files\Canon
2011-06-03 02:38 . 2011-06-03 02:38 -------- d-----w- c:\program files\Common Files\Canon
2011-05-28 08:11 . 2011-06-05 04:20 -------- d-----w- c:\program files\Real
2011-05-28 07:59 . 2011-05-28 07:59 -------- d-----w- c:\users\Nguyen Ta\AppData\Local\Ilivid Player
2011-05-25 05:21 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-19 05:12 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-16 18:52 . 2011-06-05 04:15 -------- d-----w- c:\programdata\AVAST Software
2011-05-16 18:52 . 2011-05-16 18:52 -------- d-----w- c:\program files\AVAST Software
2011-05-16 04:19 . 2011-05-16 04:19 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\Yahoo!
2011-05-16 04:00 . 2011-05-16 04:00 -------- d-----w- C:\e
2011-05-16 03:56 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 03:56 . 2011-06-05 04:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-15 20:44 . 2011-04-28 05:57 0 ----a-w- c:\users\Nguyen Ta\AppData\Local\Xwiseviwepasuleb.bin
2011-05-10 06:03 . 2011-05-10 06:03 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-10 06:02 . 2011-05-10 06:03 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-04-18 08:04 . 2011-04-18 08:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-18 08:04 . 2011-04-18 08:04 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-18 08:04 . 2011-04-18 08:04 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-18 08:04 . 2011-04-18 08:04 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-18 08:04 . 2011-04-18 08:04 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-18 08:04 . 2011-04-18 08:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-18 08:04 . 2011-04-18 08:04 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-18 08:04 . 2011-04-18 08:04 367104 ----a-w- c:\windows\system32\html.iec
2011-04-18 08:04 . 2011-04-18 08:04 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-18 08:04 . 2011-04-18 08:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-18 08:04 . 2011-04-18 08:04 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-18 08:04 . 2011-04-18 08:04 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-18 08:04 . 2011-04-18 08:04 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-18 08:04 . 2011-04-18 08:04 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-18 08:04 . 2011-04-18 08:04 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-18 08:04 . 2011-04-18 08:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-18 08:04 . 2011-04-18 08:04 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-18 08:04 . 2011-04-18 08:04 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-18 08:04 . 2011-04-18 08:04 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-18 08:04 . 2011-04-18 08:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-18 08:04 . 2011-04-18 08:04 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-13 05:13 . 2010-02-27 20:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-13 05:13 . 2010-05-19 00:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-12 05:30 . 2010-03-09 07:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-04-12 05:29 . 2010-03-09 06:59 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-12 05:29 . 2010-06-02 22:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-09 06:13 . 2011-05-11 05:19 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 05:19 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-05 08:24 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-25 03:06 . 2011-05-11 05:19 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:06 . 2011-05-11 05:19 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:06 . 2011-05-11 05:19 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:06 . 2011-05-11 05:19 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:06 . 2011-05-11 05:19 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:06 . 2011-05-11 05:19 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:06 . 2011-05-11 05:19 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-04-14 16:26 . 2011-06-05 04:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-07-14 01:14 28672 --sh--r- c:\windows\System32\Setup\zf32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2009-07-16 5458704]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-12 339968]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
.
c:\users\Nguyen Ta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-02-09 102448]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-28 691696]
R4 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-04-08 117288]
R4 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-04-08 117288]
R4 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-04-08 154152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S1 SysLib1;SysLib1;c:\windows\System32\Drivers\SysLib1.sys [2010-03-09 1484288]
S1 SysLib2;SysLib2;c:\windows\System32\Drivers\SysLib2.sys [2010-03-09 44032]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-08-13 376320]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 18:53]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 18:53]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\Nguyen Ta\AppData\Roaming\Mozilla\Firefox\Profiles\o2qkrb6c.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3946389755-2538784782-3990241147-1001\ *& `]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:c5,da,af,66,a3,85,ea,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-06-10 05:38:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-10 12:38
ComboFix2.txt 2011-06-10 06:47
ComboFix3.txt 2011-06-05 08:52
.
Pre-Run: 136,815,280,128 bytes free
Post-Run: 136,607,342,592 bytes free
.
- - End Of File - - 04E789503125F9DD97D912DD76D87A73

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2011 - 07:50 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
c:\windows\System32\Setup\zf32.dll


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

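
How an entry like the zf32.dll line in the ComboFix log of #13 stands out, as an added example that is not part of the thread and is not ComboFix's own code: the parser below reads the "Files Created" and "Find3M" lines (created stamp, a dot, last-write stamp, size, attribute column, path; or a single stamp as on the zf32.dll line) and flags files that are both system and hidden, which Explorer does not show by default, plus zero-byte files under the Windows directory. The sample lines are quoted from the log posted above; reading the attribute letters as d=directory, s=system, h=hidden, a=archive and w/r=writable or read-only, and treating the first of two stamps as creation time, are this example's assumptions about ComboFix's format, not documented behaviour.

```python
"""Triage the file listings in a ComboFix log.

Added example, not part of the thread and not ComboFix's code. The meaning
assigned to the attribute column (d=directory, s=system, h=hidden,
a=archive, w/r=writable or read-only) and to the two timestamps (created,
then last-write) is an assumption drawn from the letters ComboFix prints.
"""
import re
from dataclasses import dataclass
from typing import Optional

STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
ENTRY = re.compile(
    rf"^(?P<a>{STAMP})(?: \. (?P<b>{STAMP}))? +(?P<size>\d+|-+) +"
    r"(?P<attrs>[-a-z]{8}) +(?P<path>[a-z]:\\.+)$",
    re.IGNORECASE,
)

# Constructed sample: lines quoted from the ComboFix output posted in the
# thread, plus one section banner to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
2011-06-10 05:18 . 2009-07-14 01:19 245328 ------w- c:\windows\system32\drivers\volsnap.sys
2011-06-05 04:28 . 2011-06-05 04:28 -------- d-----w- c:\program files\Trend Micro
2011-05-15 20:44 . 2011-04-28 05:57 0 ----a-w- c:\users\Nguyen Ta\AppData\Local\Xwiseviwepasuleb.bin
2011-05-10 06:03 . 2011-05-10 06:03 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2009-07-14 01:14 28672 --sh--r- c:\windows\System32\Setup\zf32.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""


@dataclass
class Entry:
    created: Optional[str]   # None when ComboFix printed a single stamp
    modified: str
    size: Optional[int]      # None for directories (size column is dashes)
    attrs: str
    path: str

    @property
    def is_dir(self):
        return "d" in self.attrs

    @property
    def under_windows(self):
        return "\\windows\\" in self.path.lower()


def parse_log(text):
    """Return an Entry per file line; banners, dots and blanks are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        a, b = m.group("a"), m.group("b")
        size = int(m.group("size")) if m.group("size").isdigit() else None
        out.append(Entry(created=a if b else None, modified=b or a,
                         size=size, attrs=m.group("attrs").lower(),
                         path=m.group("path")))
    return out


def triage(entries):
    """Map path -> list of reasons for every entry that trips a rule."""
    flagged = {}
    for e in entries:
        reasons = []
        if not e.is_dir and "s" in e.attrs and "h" in e.attrs:
            reasons.append("system+hidden file (super-hidden, not shown by Explorer by default)")
        if not e.is_dir and e.size == 0 and e.under_windows:
            reasons.append("zero-byte file under the Windows directory")
        if reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(parse_log(SAMPLE_LOG)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

The super-hidden rule is the one that matters here: a DLL with the system and hidden attributes set, sitting in System32\Setup with a read-only flag and no creation stamp, is exactly the kind of entry ComboFix's File:: directive is then used to remove. The zero-byte rule is a weaker hint and will also catch leftovers of uninstalled toolbars, so it is a prompt to look, not a verdict.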

#15 DragonBlade

DragonBlade
  • Topic Starter

  • Members
  • 12 posts

Posted 10 June 2011 - 04:35 PM

Computer feels fine at the moment

ComboFix 11-06-10.08 - Nguyen Ta 06/10/2011 14:20:03.7.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.961 [GMT -7:00]
Running from: c:\users\Nguyen Ta\Desktop\ComboFix.exe
Command switches used :: c:\users\Nguyen Ta\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\Setup\zf32.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\Setup\zf32.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 21:24 . 2011-06-10 21:30 -------- d-----w- c:\users\Nguyen Ta\AppData\Local\temp
2011-06-10 21:24 . 2011-06-10 21:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-06-10 21:24 . 2011-06-10 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-10 05:18 . 2009-07-14 01:19 245328 ------w- c:\windows\system32\drivers\volsnap.sys
2011-06-05 05:52 . 2011-06-05 05:52 -------- d-----w- c:\users\Nguyen Ta\DoctorWeb
2011-06-05 04:28 . 2011-06-05 04:28 388096 ----a-r- c:\users\Nguyen Ta\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-05 04:28 . 2011-06-05 04:28 -------- d-----w- c:\program files\Trend Micro
2011-06-05 03:42 . 2011-06-05 03:43 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\239055
2011-06-05 03:42 . 2011-06-05 03:43 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\237901
2011-06-05 03:42 . 2011-06-05 03:44 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\237417
2011-06-05 03:42 . 2011-06-05 03:43 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\237807
2011-06-03 02:48 . 2011-06-03 02:48 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\ZoomBrowser EX
2011-06-03 02:48 . 2011-06-03 02:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 02:40 . 2011-06-03 02:40 -------- d-----w- c:\programdata\ZoomBrowser
2011-06-03 02:39 . 2011-06-03 02:41 -------- d-----w- c:\program files\Canon
2011-06-03 02:38 . 2011-06-03 02:38 -------- d-----w- c:\program files\Common Files\Canon
2011-05-28 08:11 . 2011-06-05 04:20 -------- d-----w- c:\program files\Real
2011-05-28 07:59 . 2011-05-28 07:59 -------- d-----w- c:\users\Nguyen Ta\AppData\Local\Ilivid Player
2011-05-25 05:21 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-19 05:12 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-16 18:52 . 2011-06-05 04:15 -------- d-----w- c:\programdata\AVAST Software
2011-05-16 18:52 . 2011-05-16 18:52 -------- d-----w- c:\program files\AVAST Software
2011-05-16 04:19 . 2011-05-16 04:19 -------- d-----w- c:\users\Nguyen Ta\AppData\Roaming\Yahoo!
2011-05-16 04:00 . 2011-05-16 04:00 -------- d-----w- C:\e
2011-05-16 03:56 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 03:56 . 2011-06-05 04:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-15 20:44 . 2011-04-28 05:57 0 ----a-w- c:\users\Nguyen Ta\AppData\Local\Xwiseviwepasuleb.bin
2011-05-10 06:03 . 2011-05-10 06:03 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-10 06:02 . 2011-05-10 06:03 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-04-18 08:04 . 2011-04-18 08:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-18 08:04 . 2011-04-18 08:04 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-18 08:04 . 2011-04-18 08:04 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-18 08:04 . 2011-04-18 08:04 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-18 08:04 . 2011-04-18 08:04 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-18 08:04 . 2011-04-18 08:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-18 08:04 . 2011-04-18 08:04 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-18 08:04 . 2011-04-18 08:04 367104 ----a-w- c:\windows\system32\html.iec
2011-04-18 08:04 . 2011-04-18 08:04 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-18 08:04 . 2011-04-18 08:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-18 08:04 . 2011-04-18 08:04 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-18 08:04 . 2011-04-18 08:04 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-18 08:04 . 2011-04-18 08:04 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-18 08:04 . 2011-04-18 08:04 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-18 08:04 . 2011-04-18 08:04 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-18 08:04 . 2011-04-18 08:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-18 08:04 . 2011-04-18 08:04 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-18 08:04 . 2011-04-18 08:04 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-18 08:04 . 2011-04-18 08:04 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-18 08:04 . 2011-04-18 08:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-18 08:04 . 2011-04-18 08:04 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-13 05:13 . 2010-02-27 20:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-13 05:13 . 2010-05-19 00:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-12 05:30 . 2010-03-09 07:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-04-12 05:29 . 2010-03-09 06:59 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-12 05:29 . 2010-06-02 22:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-09 06:13 . 2011-05-11 05:19 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 05:19 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-05 08:24 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-25 03:06 . 2011-05-11 05:19 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:06 . 2011-05-11 05:19 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:06 . 2011-05-11 05:19 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:06 . 2011-05-11 05:19 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:06 . 2011-05-11 05:19 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:06 . 2011-05-11 05:19 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:06 . 2011-05-11 05:19 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-04-14 16:26 . 2011-06-05 04:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2009-07-16 5458704]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-12 339968]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
.
c:\users\Nguyen Ta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-02-09 102448]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-28 691696]
R4 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-04-08 117288]
R4 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-04-08 117288]
R4 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-04-08 154152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S1 SysLib1;SysLib1;c:\windows\System32\Drivers\SysLib1.sys [2010-03-09 1484288]
S1 SysLib2;SysLib2;c:\windows\System32\Drivers\SysLib2.sys [2010-03-09 44032]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-08-13 376320]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 18:53]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 18:53]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\Nguyen Ta\AppData\Roaming\Mozilla\Firefox\Profiles\o2qkrb6c.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3946389755-2538784782-3990241147-1001\ *& `]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:c5,da,af,66,a3,85,ea,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
.
**************************************************************************
.
Completion time: 2011-06-10 14:34:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-10 21:34
ComboFix2.txt 2011-06-10 12:38
ComboFix3.txt 2011-06-10 06:47
ComboFix4.txt 2011-06-05 08:52
.
Pre-Run: 136,695,545,856 bytes free
Post-Run: 136,367,042,560 bytes free
.
- - End Of File - - 34DD0AB1C91DA2BFC182CBFF3ED735D8