Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Hijack - Windows 7 - 64bit


  • This topic is locked This topic is locked
11 replies to this topic

#1 leaverj

leaverj

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:13 AM

Posted 13 August 2011 - 04:33 PM

My laptop has recently become infected with some sort of malware which is hijacking internet explorer causing redirects every time I click on a link after running a search on Google. Basically, if I search for something on Google, the results are presented as usual. If I then click on a link the malware kicks in and redirects to another site. If I click back a few times in quick succession I can get back to the google search results and then when I click the same link again, I go straight to the correct page.

I've tried lots, Adaware, Malwarebytes, Spybot, Webroot, Combofix and Norton, some problems were found and fixed but this annoying issue still remains.

My HijackThis log is below, I hope someone can help:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:02:50, on 10/08/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: IconMan_R - Unknown owner - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: lxbu_device - - C:\Windows\system32\lxbucoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10837 bytes

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:13 PM

Posted 17 August 2011 - 07:10 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 leaverj

leaverj
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:13 AM

Posted 17 August 2011 - 01:43 PM

Hi Gringo

Please see logs below:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Leaver at 19:28:12 on 2011-08-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3891.2258 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\lxbucoms.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
uRun: [TOSHIBA Online Product Information] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"
mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{56178BA6-411C-49E2-AFF1-ED0AFA57E245} : DhcpNameServer = 100.100.0.101
TCP: Interfaces\{BDD6CABE-7A92-44C8-BF1F-331AEB3EA324} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{BDD6CABE-7A92-44C8-BF1F-331AEB3EA324}\4516C6B64516C6B683365653B6 : DhcpNameServer = 8.8.8.8 8.8.4.4
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
mRun-x64: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-17 1151096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110816.030\IDSviA64.sys [2011-8-17 488056]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-8-8 130008]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-5 2320920]
R3 CeKbFilter;CeKbFilter;C:\Windows\system32\DRIVERS\CeKbFilter.sys --> C:\Windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-13 136824]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-5 51576]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IconMan_R;IconMan_R;"C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe" --> C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-5-11 124368]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-13 20:53:43 -------- d-----w- C:\Users\Leaver\AppData\Local\CrashDumps
2011-08-10 19:40:48 388096 ----a-r- C:\Users\Leaver\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-10 19:40:48 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-08-10 18:48:15 -------- d-----w- C:\ProgramData\SecTaskMan
2011-08-08 22:04:45 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-08-08 20:12:58 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-08-08 20:02:30 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP
2011-08-08 19:53:38 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-08-08 19:53:30 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-08-08 19:53:29 -------- d-----w- C:\Program Files\Symantec
2011-08-08 19:53:29 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-08-08 19:52:46 912504 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymEFA64.sys
2011-08-08 19:52:46 744568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-08-08 19:52:46 450680 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymDS64.sys
2011-08-08 19:52:46 40568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-08-08 19:52:46 386168 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-08-08 19:52:45 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\Ironx64.sys
2011-08-08 19:52:36 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
2011-08-08 19:52:36 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-08-08 19:52:35 -------- d-----w- C:\Program Files (x86)\Norton 360
2011-08-08 19:51:06 -------- d-----w- C:\ProgramData\NortonInstaller
2011-08-08 19:51:06 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-08-08 19:48:01 -------- d-----w- C:\ProgramData\Norton
2011-08-08 19:24:17 -------- d-----w- C:\Users\Leaver\AppData\Local\PackageAware
2011-08-08 18:57:43 -------- d-----w- C:\Users\Leaver\AppData\Local\Google
2011-08-07 21:31:03 -------- d-----w- C:\Users\Leaver\AppData\Roaming\TrojanHunter
2011-08-07 19:59:57 -------- d-----w- C:\Program Files (x86)\TrojanHunter 5.3
2011-08-07 19:39:28 -------- d-----w- C:\Program Files (x86)\BitTorrent
2011-08-07 19:38:21 -------- d-----w- C:\Users\Leaver\AppData\Roaming\BitTorrent
2011-08-07 19:30:19 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-07 18:59:06 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-08-07 18:59:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-08-07 16:31:51 -------- d-----w- C:\ComboFix
2011-08-07 14:38:39 -------- d-----w- C:\Users\Leaver\AppData\Roaming\Malwarebytes
2011-08-07 14:38:16 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-07 10:55:38 98816 ----a-w- C:\Windows\sed.exe
2011-08-07 10:55:38 518144 ----a-w- C:\Windows\SWREG.exe
2011-08-07 10:55:38 256000 ----a-w- C:\Windows\PEV.exe
2011-08-07 10:55:38 208896 ----a-w- C:\Windows\MBR.exe
2011-08-06 16:46:19 -------- d-----w- C:\ProgramData\AVAST Software
2011-08-06 16:46:19 -------- d-----w- C:\Program Files\AVAST Software
2011-08-06 14:34:31 -------- d-----w- C:\Windows\CheckSur
2011-08-06 14:04:40 -------- d-----w- C:\Windows\System32\SPReview
2011-08-06 14:03:14 -------- d-----w- C:\Windows\System32\EventProviders
2011-08-06 12:51:40 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BCD381ED-64C3-4CF1-8E5F-0C15A66C337A}\mpengine.dll
2011-07-30 16:26:17 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2011-07-26 17:43:34 -------- d-----w- C:\Program Files\iTunes
2011-07-26 17:43:34 -------- d-----w- C:\Program Files\iPod
2011-07-26 17:41:53 -------- d-----w- C:\Program Files\Bonjour
2011-07-26 17:41:53 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-07-19 19:03:03 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2011-08-12 23:04:39 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-12 10:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 10:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 10:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 10:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 10:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 10:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 10:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 10:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 18:14:10 270720 ----a-w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
.
============= FINISH: 19:36:36.03 ===============


Attached File  Attach.txt   5.3KB   0 downloads

Edited by leaverj, 17 August 2011 - 01:47 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:13 PM

Posted 17 August 2011 - 01:48 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 leaverj

leaverj
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:13 AM

Posted 18 August 2011 - 03:37 PM

Hiya

I did get the "Illegal operation attempted on a registery key that has been marked for deletion." and I still get the annoying redirect when performing a google search.

Combofix log below:

ComboFix 11-08-18.02 - Leaver 18/08/2011 20:40:14.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3891.2411 [GMT 1:00]
Running from: c:\users\Leaver\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 20:07 . 2011-08-18 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-13 20:53 . 2011-08-13 20:53 -------- d-----w- c:\users\Leaver\AppData\Local\CrashDumps
2011-08-12 23:04 . 2011-08-12 23:04 -------- d-----w- c:\windows\system32\Macromed
2011-08-10 19:40 . 2011-08-10 19:40 388096 ----a-r- c:\users\Leaver\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-10 19:40 . 2011-08-10 19:40 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-10 18:48 . 2011-08-10 19:20 -------- d-----w- c:\programdata\SecTaskMan
2011-08-08 22:04 . 2011-08-08 22:04 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-08 22:02 . 2011-08-10 19:26 -------- d-----w- c:\programdata\Lavasoft
2011-08-08 20:12 . 2011-08-08 20:12 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-08-08 20:02 . 2011-08-08 20:02 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2011-08-08 19:53 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-08-08 19:53 . 2011-08-08 19:53 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-08-08 19:53 . 2011-08-08 19:53 -------- d-----w- c:\program files\Symantec
2011-08-08 19:53 . 2011-08-08 19:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-08-08 19:52 . 2011-08-08 19:52 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-08-08 19:52 . 2011-08-08 19:52 -------- d-----w- c:\program files (x86)\Norton 360
2011-08-08 19:51 . 2011-08-08 19:51 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-08-08 19:48 . 2011-08-08 19:54 -------- d-----w- c:\programdata\Norton
2011-08-08 19:24 . 2011-08-08 19:24 -------- d-----w- c:\users\Leaver\AppData\Local\PackageAware
2011-08-08 18:57 . 2011-08-08 20:02 -------- d-----w- c:\users\Leaver\AppData\Local\Google
2011-08-07 21:31 . 2011-08-07 21:31 -------- d-----w- c:\users\Leaver\AppData\Roaming\TrojanHunter
2011-08-07 19:59 . 2011-08-08 21:07 -------- d-----w- c:\program files (x86)\TrojanHunter 5.3
2011-08-07 19:39 . 2011-08-07 19:39 -------- d-----w- c:\program files (x86)\BitTorrent
2011-08-07 19:38 . 2011-08-07 21:32 -------- d-----w- c:\users\Leaver\AppData\Roaming\BitTorrent
2011-08-07 18:59 . 2011-08-10 20:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-07 18:59 . 2011-08-10 19:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-08-07 14:38 . 2011-08-07 14:38 -------- d-----w- c:\users\Leaver\AppData\Roaming\Malwarebytes
2011-08-07 14:38 . 2011-08-07 14:38 -------- d-----w- c:\programdata\Malwarebytes
2011-08-06 16:46 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-06 16:46 . 2011-08-08 19:52 -------- d-----w- c:\programdata\AVAST Software
2011-08-06 16:46 . 2011-08-06 16:46 -------- d-----w- c:\program files\AVAST Software
2011-08-06 14:34 . 2011-08-06 14:34 -------- d-----w- c:\windows\CheckSur
2011-08-06 14:04 . 2011-08-06 14:04 -------- d-----w- c:\windows\system32\SPReview
2011-08-06 14:03 . 2011-08-06 14:03 -------- d-----w- c:\windows\system32\EventProviders
2011-08-06 12:51 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCD381ED-64C3-4CF1-8E5F-0C15A66C337A}\mpengine.dll
2011-07-30 16:26 . 2011-07-30 16:26 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2011-07-26 17:43 . 2011-08-06 12:47 -------- d-----w- c:\program files\iTunes
2011-07-26 17:43 . 2011-08-06 12:38 -------- d-----w- c:\program files\iPod
2011-07-26 17:41 . 2011-08-06 12:49 -------- d-----w- c:\program files\Bonjour
2011-07-26 17:41 . 2011-08-06 12:46 -------- d-----w- c:\program files (x86)\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 23:04 . 2011-06-01 19:27 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-12 10:34 . 2011-07-12 10:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:34 . 2011-07-12 10:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:34 . 2011-07-12 10:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 10:34 . 2011-07-12 10:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-06-11 02:56 . 2011-07-13 19:04 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 06:45 . 2011-07-13 19:04 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-06-02 06:45 . 2011-07-13 19:04 243200 ----a-w- c:\windows\system32\wow64.dll
2011-06-02 06:45 . 2011-07-13 19:04 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-06-02 06:44 . 2011-07-13 19:04 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 06:42 . 2011-07-13 19:04 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-06-02 06:39 . 2011-07-13 19:04 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-02 06:35 . 2011-07-13 19:04 338944 ----a-w- c:\windows\system32\conhost.exe
2011-06-02 06:23 . 2011-07-13 19:04 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-06-02 05:59 . 2011-07-13 19:04 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-06-02 05:56 . 2011-07-13 19:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-02 05:56 . 2011-07-13 19:04 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-06-02 05:54 . 2011-07-13 19:04 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-06-02 05:54 . 2011-07-13 19:04 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-06-02 05:45 . 2011-07-13 19:04 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-06-02 03:51 . 2011-07-13 19:04 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-06-02 03:50 . 2011-07-13 19:03 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-06-02 03:45 . 2011-07-13 19:04 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45 . 2011-07-13 19:04 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45 . 2011-07-13 19:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45 . 2011-07-13 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 18:14 . 2010-12-25 18:01 270720 ----a-w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:21 . 2011-06-30 17:31 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:34 . 2011-06-30 17:31 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:34 . 2011-06-30 17:31 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:34 . 2011-06-30 17:31 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32 . 2011-06-30 17:31 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-07_12.01.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-07 19:59 . 2011-08-07 20:00 59392 c:\windows\SysWOW64\streamhlp.dll
- 2011-08-07 11:58 . 2011-08-07 11:58 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-08-18 20:08 . 2011-08-18 20:08 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-08-08 19:26 . 2011-08-13 22:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2011-08-18 19:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-07 12:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-18 19:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-07 12:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-18 19:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-08 19:30 . 2010-11-12 17:27 96520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Toolbar\Applications\scextension.dll
+ 2010-09-02 08:15 . 2011-08-18 20:11 50744 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-18 20:11 36042 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-11 17:42 . 2011-08-18 20:11 11736 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3119703726-1474837861-1096680728-1000_UserData.bin
+ 2011-08-08 19:53 . 2010-08-21 03:59 34152 c:\windows\system32\DRVSTORE\GEARAspiWD_AABE64655D8D5936ABBDF4C4B48BA5458FA0A505\x64\GEARAspiWDM.sys
+ 2011-08-08 19:52 . 2011-03-31 03:00 40568 c:\windows\system32\drivers\N360x64\0501000.01D\srtspx64.sys
+ 2010-12-11 17:37 . 2011-08-10 21:24 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-11 17:37 . 2011-08-06 14:27 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-11 17:37 . 2011-08-10 21:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-11 17:37 . 2011-08-06 14:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-10 21:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-06 14:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-08 19:30 . 2011-08-08 19:30 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D55BE73C-C1F4-11E0-B356-88AE1DFC0456}.dat
+ 2011-08-08 19:31 . 2011-08-08 19:31 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{12698C1A-C1F5-11E0-B356-88AE1DFC0456}.dat
+ 2011-08-08 19:30 . 2011-08-08 19:30 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D55BE73D-C1F4-11E0-B356-88AE1DFC0456}.dat
+ 2011-08-08 19:31 . 2011-08-08 19:31 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12698C1B-C1F5-11E0-B356-88AE1DFC0456}.dat
- 2011-08-07 11:59 . 2011-08-07 11:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-18 20:09 . 2011-08-18 20:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-18 20:09 . 2011-08-18 20:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-07 11:59 . 2011-08-07 11:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-12 23:04 . 2011-08-12 23:04 247456 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11a_ActiveX.exe
+ 2011-08-12 23:04 . 2011-08-12 23:04 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11a_ActiveX.dll
+ 2011-02-27 11:22 . 2010-08-21 03:59 106928 c:\windows\SysWOW64\GEARAspi.dll
+ 2011-08-08 19:32 . 2011-08-08 19:31 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
+ 2011-08-08 19:30 . 2010-11-12 17:27 462088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Toolbar\Applications\wlextension.dll
+ 2011-08-08 19:30 . 2010-11-12 17:27 131336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Toolbar\Applications\searchappextension.dll
+ 2011-08-08 19:30 . 2010-11-12 17:27 336136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Toolbar\Applications\appmgr.dll
+ 2010-12-30 10:23 . 2011-08-07 13:01 236948 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-08-12 23:04 . 2011-08-12 23:04 460448 c:\windows\system32\Macromed\Flash\FlashUtil64_11_0_1_ActiveX.exe
+ 2011-08-12 23:04 . 2011-08-12 23:04 376480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_0_1_ActiveX.dll
+ 2011-02-27 11:22 . 2010-08-21 03:59 125872 c:\windows\system32\GEARAspi64.dll
+ 2011-08-08 19:52 . 2011-07-08 16:45 386168 c:\windows\system32\drivers\N360x64\0501000.01D\symnets.sys
+ 2011-08-08 19:52 . 2011-03-15 02:31 912504 c:\windows\system32\drivers\N360x64\0501000.01D\SymEFA64.sys
+ 2011-08-08 19:52 . 2011-01-27 06:47 450680 c:\windows\system32\drivers\N360x64\0501000.01D\SymDS64.sys
+ 2011-08-08 19:52 . 2011-03-31 03:00 744568 c:\windows\system32\drivers\N360x64\0501000.01D\srtsp64.sys
+ 2011-08-08 19:52 . 2011-01-27 05:07 171128 c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.sys
+ 2011-08-07 15:06 . 2011-08-10 20:25 301588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3119703726-1474837861-1096680728-1000-12288.dat
+ 2011-08-08 19:30 . 2011-08-08 19:30 1000000 c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\Search Enhancement Pack\Search Box Extension\searchhs.dat
+ 2011-08-08 19:30 . 2010-11-11 16:03 1128712 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Toolbar\Applications\bingrewardsclient.dll
+ 2009-07-14 04:45 . 2011-08-10 19:15 3798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-08-06 18:50 3798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-08-06 17:54 . 2011-08-18 20:08 5852014 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3119703726-1474837861-1096680728-1000-8192.dat
+ 2011-08-10 19:40 . 2011-08-10 19:40 1402880 c:\windows\Installer\1a8cc7.msi
+ 2011-08-07 12:34 . 2011-07-01 08:54 49089992 c:\windows\SysWOW64\MRT.exe
+ 2009-07-14 02:34 . 2011-08-18 18:37 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-08-06 19:01 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-22 352256]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-07-22 1151096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110817.030\IDSvia64.sys [2011-08-05 488056]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-08 136824]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"LXBUCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBUtime.dll" [2007-04-17 28672]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d1,51,e4,9e,01,56,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2011-08-18 21:29:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-18 20:29
ComboFix2.txt 2011-08-07 18:53
ComboFix3.txt 2011-08-07 12:21
.
Pre-Run: 117,664,124,928 bytes free
Post-Run: 117,361,086,464 bytes free
.
- - End Of File - - 74DE21BD4327AFA91B8DAD4B5D833AEA

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:13 PM

Posted 18 August 2011 - 07:20 PM

Hello leaverj

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 leaverj

leaverj
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:13 AM

Posted 21 August 2011 - 03:58 PM

Hi Gringo

Nothing found. Log below:

2011/08/21 21:56:07.0765 5348 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/21 21:56:07.0984 5348 ================================================================================
2011/08/21 21:56:07.0984 5348 SystemInfo:
2011/08/21 21:56:07.0984 5348
2011/08/21 21:56:07.0984 5348 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/21 21:56:07.0984 5348 Product type: Workstation
2011/08/21 21:56:07.0984 5348 ComputerName: LEAVER-TOSH
2011/08/21 21:56:07.0984 5348 UserName: Leaver
2011/08/21 21:56:07.0984 5348 Windows directory: C:\Windows
2011/08/21 21:56:07.0984 5348 System windows directory: C:\Windows
2011/08/21 21:56:07.0984 5348 Running under WOW64
2011/08/21 21:56:07.0984 5348 Processor architecture: Intel x64
2011/08/21 21:56:07.0984 5348 Number of processors: 4
2011/08/21 21:56:07.0984 5348 Page size: 0x1000
2011/08/21 21:56:07.0984 5348 Boot type: Normal boot
2011/08/21 21:56:07.0984 5348 ================================================================================
2011/08/21 21:56:08.0421 5348 Initialize success
2011/08/21 21:56:25.0939 5368 ================================================================================
2011/08/21 21:56:25.0939 5368 Scan started
2011/08/21 21:56:25.0939 5368 Mode: Manual;
2011/08/21 21:56:25.0939 5368 ================================================================================
2011/08/21 21:56:27.0359 5368 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/21 21:56:27.0499 5368 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/21 21:56:27.0624 5368 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/21 21:56:27.0780 5368 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/21 21:56:27.0921 5368 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/21 21:56:28.0045 5368 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/21 21:56:28.0186 5368 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/08/21 21:56:28.0311 5368 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/21 21:56:28.0467 5368 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/21 21:56:28.0623 5368 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/21 21:56:28.0732 5368 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/21 21:56:28.0841 5368 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/21 21:56:28.0966 5368 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/08/21 21:56:29.0091 5368 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/21 21:56:29.0215 5368 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/08/21 21:56:29.0340 5368 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/08/21 21:56:29.0527 5368 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/21 21:56:29.0652 5368 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/21 21:56:29.0761 5368 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/21 21:56:29.0902 5368 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/21 21:56:30.0089 5368 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/21 21:56:30.0229 5368 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/21 21:56:30.0370 5368 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/21 21:56:30.0666 5368 BHDrvx64 (c823adeedd3ae6f3db52b6152e5789cf) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110812.001\BHDrvx64.sys
2011/08/21 21:56:30.0791 5368 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/21 21:56:30.0916 5368 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/21 21:56:31.0041 5368 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/21 21:56:31.0119 5368 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/21 21:56:31.0243 5368 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/21 21:56:31.0337 5368 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/21 21:56:31.0431 5368 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/21 21:56:31.0540 5368 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/21 21:56:31.0618 5368 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/21 21:56:31.0899 5368 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/21 21:56:32.0008 5368 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/21 21:56:32.0133 5368 CeKbFilter (7e83e47bd1ff93e11cd69f1ad65a9581) C:\Windows\system32\DRIVERS\CeKbFilter.sys
2011/08/21 21:56:32.0242 5368 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/21 21:56:32.0335 5368 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/21 21:56:32.0460 5368 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/21 21:56:32.0523 5368 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/21 21:56:32.0616 5368 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/08/21 21:56:32.0710 5368 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/21 21:56:32.0803 5368 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/21 21:56:32.0913 5368 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/21 21:56:33.0053 5368 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/08/21 21:56:33.0147 5368 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/21 21:56:33.0240 5368 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/21 21:56:33.0365 5368 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/21 21:56:33.0474 5368 DXGKrnl (601e731bf8e3f22906ce7d4d724b0439) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/21 21:56:33.0630 5368 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/21 21:56:33.0849 5368 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/08/21 21:56:33.0973 5368 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/21 21:56:34.0161 5368 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/08/21 21:56:34.0239 5368 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/21 21:56:34.0348 5368 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/21 21:56:34.0426 5368 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/21 21:56:34.0519 5368 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/21 21:56:34.0629 5368 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/21 21:56:34.0707 5368 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/21 21:56:34.0785 5368 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/21 21:56:34.0863 5368 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/08/21 21:56:34.0956 5368 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/21 21:56:35.0034 5368 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/21 21:56:35.0143 5368 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/21 21:56:35.0237 5368 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/21 21:56:35.0362 5368 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/21 21:56:35.0455 5368 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/21 21:56:35.0533 5368 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/08/21 21:56:35.0643 5368 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/21 21:56:35.0736 5368 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/08/21 21:56:35.0814 5368 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/21 21:56:35.0892 5368 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/21 21:56:36.0001 5368 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/21 21:56:36.0126 5368 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/21 21:56:36.0235 5368 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/21 21:56:36.0345 5368 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/08/21 21:56:36.0423 5368 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/21 21:56:36.0532 5368 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/21 21:56:36.0625 5368 iaStor (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/21 21:56:36.0719 5368 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/08/21 21:56:36.0953 5368 IDSVia64 (d321ff68ff6986bcc18fe85943cb55ef) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110817.030\IDSvia64.sys
2011/08/21 21:56:37.0249 5368 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/08/21 21:56:37.0499 5368 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/21 21:56:37.0624 5368 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
2011/08/21 21:56:37.0780 5368 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/21 21:56:37.0889 5368 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/21 21:56:37.0983 5368 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/21 21:56:38.0061 5368 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/21 21:56:38.0170 5368 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/21 21:56:38.0248 5368 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/21 21:56:38.0373 5368 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/21 21:56:38.0451 5368 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/21 21:56:38.0544 5368 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/21 21:56:38.0638 5368 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/21 21:56:38.0716 5368 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/21 21:56:38.0825 5368 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/21 21:56:38.0903 5368 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/21 21:56:38.0997 5368 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/21 21:56:39.0121 5368 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/21 21:56:39.0246 5368 LPCFilter (2825a71e7501cb33b3b9f856610c729d) C:\Windows\system32\DRIVERS\LPCFilter.sys
2011/08/21 21:56:39.0355 5368 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/21 21:56:39.0449 5368 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/21 21:56:39.0543 5368 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/21 21:56:39.0652 5368 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/21 21:56:39.0730 5368 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/21 21:56:39.0839 5368 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/21 21:56:39.0933 5368 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/21 21:56:40.0042 5368 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/21 21:56:40.0120 5368 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/21 21:56:40.0229 5368 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/21 21:56:40.0323 5368 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/21 21:56:40.0416 5368 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/08/21 21:56:40.0494 5368 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/21 21:56:40.0572 5368 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/21 21:56:40.0666 5368 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/21 21:56:40.0760 5368 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/21 21:56:40.0838 5368 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/21 21:56:40.0931 5368 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/21 21:56:41.0025 5368 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/21 21:56:41.0087 5368 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/21 21:56:41.0181 5368 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/21 21:56:41.0274 5368 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/21 21:56:41.0352 5368 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/21 21:56:41.0446 5368 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/21 21:56:41.0540 5368 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/21 21:56:41.0649 5368 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/21 21:56:41.0742 5368 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/08/21 21:56:41.0883 5368 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/21 21:56:41.0992 5368 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/21 21:56:42.0070 5368 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/21 21:56:42.0148 5368 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/21 21:56:42.0257 5368 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/21 21:56:42.0460 5368 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110818.003\ENG64.SYS
2011/08/21 21:56:42.0694 5368 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110818.003\EX64.SYS
2011/08/21 21:56:42.0819 5368 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/08/21 21:56:42.0928 5368 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/21 21:56:43.0006 5368 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/21 21:56:43.0100 5368 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/21 21:56:43.0178 5368 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/21 21:56:43.0256 5368 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/08/21 21:56:43.0365 5368 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/21 21:56:43.0458 5368 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/21 21:56:43.0568 5368 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/21 21:56:43.0661 5368 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/21 21:56:43.0755 5368 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/21 21:56:43.0911 5368 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/08/21 21:56:44.0020 5368 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/21 21:56:44.0098 5368 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/08/21 21:56:44.0192 5368 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/08/21 21:56:44.0270 5368 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/21 21:56:44.0348 5368 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/21 21:56:44.0457 5368 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/21 21:56:44.0535 5368 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/08/21 21:56:44.0628 5368 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/08/21 21:56:44.0722 5368 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/21 21:56:44.0800 5368 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/21 21:56:44.0878 5368 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/21 21:56:44.0972 5368 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/21 21:56:45.0096 5368 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
2011/08/21 21:56:45.0237 5368 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/21 21:56:45.0315 5368 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/21 21:56:45.0408 5368 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/21 21:56:45.0533 5368 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/21 21:56:45.0627 5368 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/21 21:56:45.0720 5368 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/21 21:56:45.0798 5368 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/21 21:56:45.0923 5368 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/21 21:56:46.0017 5368 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/21 21:56:46.0126 5368 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/21 21:56:46.0220 5368 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/21 21:56:46.0313 5368 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/21 21:56:46.0407 5368 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/21 21:56:46.0500 5368 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/21 21:56:46.0610 5368 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/21 21:56:46.0734 5368 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/21 21:56:46.0922 5368 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/08/21 21:56:47.0015 5368 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
2011/08/21 21:56:47.0140 5368 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/21 21:56:47.0249 5368 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
2011/08/21 21:56:47.0343 5368 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/08/21 21:56:47.0468 5368 RTL8192Ce (e7d79600575f755614dd5d79b044d588) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
2011/08/21 21:56:47.0561 5368 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/21 21:56:47.0702 5368 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/21 21:56:48.0029 5368 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/21 21:56:48.0279 5368 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/21 21:56:48.0404 5368 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/21 21:56:48.0497 5368 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/21 21:56:48.0622 5368 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/21 21:56:48.0700 5368 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/21 21:56:48.0794 5368 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/21 21:56:48.0887 5368 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/21 21:56:49.0012 5368 Sftfs (72cd52403efc137290cb5a328510ebca) C:\Windows\system32\DRIVERS\Sftfslh.sys
2011/08/21 21:56:49.0121 5368 Sftplay (31a36ef71af36eabcc4b4f8ab8f76465) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2011/08/21 21:56:49.0215 5368 Sftredir (2d969194fcc8eb41ed1d52863bfe7f52) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2011/08/21 21:56:49.0308 5368 Sftvol (08b36d2f63af3ca2248458a4280c0c50) C:\Windows\system32\DRIVERS\Sftvollh.sys
2011/08/21 21:56:49.0418 5368 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/21 21:56:49.0496 5368 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/21 21:56:49.0605 5368 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/21 21:56:49.0698 5368 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/21 21:56:49.0901 5368 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSP64.SYS
2011/08/21 21:56:50.0073 5368 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
2011/08/21 21:56:50.0182 5368 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/08/21 21:56:50.0276 5368 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/21 21:56:50.0369 5368 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/21 21:56:50.0478 5368 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/21 21:56:50.0572 5368 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/21 21:56:50.0712 5368 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
2011/08/21 21:56:50.0884 5368 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
2011/08/21 21:56:50.0993 5368 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/08/21 21:56:51.0134 5368 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
2011/08/21 21:56:51.0290 5368 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS
2011/08/21 21:56:51.0414 5368 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/21 21:56:51.0570 5368 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/08/21 21:56:51.0726 5368 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/21 21:56:51.0820 5368 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/21 21:56:51.0929 5368 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/08/21 21:56:52.0023 5368 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/21 21:56:52.0101 5368 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/21 21:56:52.0194 5368 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/21 21:56:52.0288 5368 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/21 21:56:52.0460 5368 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/21 21:56:52.0569 5368 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/21 21:56:52.0678 5368 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/08/21 21:56:52.0756 5368 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/21 21:56:52.0850 5368 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/21 21:56:52.0959 5368 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/21 21:56:53.0037 5368 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/21 21:56:53.0130 5368 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/21 21:56:53.0240 5368 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
2011/08/21 21:56:53.0333 5368 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/21 21:56:53.0411 5368 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/21 21:56:53.0505 5368 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
2011/08/21 21:56:53.0598 5368 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/21 21:56:53.0692 5368 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
2011/08/21 21:56:53.0786 5368 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/21 21:56:53.0926 5368 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/21 21:56:54.0004 5368 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/21 21:56:54.0098 5368 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
2011/08/21 21:56:54.0176 5368 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/21 21:56:54.0285 5368 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/21 21:56:54.0394 5368 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/21 21:56:54.0472 5368 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/21 21:56:54.0550 5368 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/21 21:56:54.0659 5368 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/21 21:56:54.0737 5368 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/21 21:56:54.0831 5368 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/08/21 21:56:54.0924 5368 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/21 21:56:55.0018 5368 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/21 21:56:55.0112 5368 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/21 21:56:55.0205 5368 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/21 21:56:55.0314 5368 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/21 21:56:55.0408 5368 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/21 21:56:55.0439 5368 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/21 21:56:55.0548 5368 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/21 21:56:55.0642 5368 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/21 21:56:55.0782 5368 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/21 21:56:55.0876 5368 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/21 21:56:56.0048 5368 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/21 21:56:56.0141 5368 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/21 21:56:56.0266 5368 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/21 21:56:56.0375 5368 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/08/21 21:56:56.0469 5368 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/21 21:56:56.0531 5368 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/21 21:56:56.0562 5368 Boot (0x1200) (8a008dcef0d812cdb2bb9a79ca2958f7) \Device\Harddisk0\DR0\Partition0
2011/08/21 21:56:56.0594 5368 Boot (0x1200) (7040187046c68da524ea4c5aa593afa7) \Device\Harddisk0\DR0\Partition1
2011/08/21 21:56:56.0594 5368 ================================================================================
2011/08/21 21:56:56.0594 5368 Scan finished
2011/08/21 21:56:56.0594 5368 ================================================================================
2011/08/21 21:56:56.0609 3360 Detected object count: 0
2011/08/21 21:56:56.0609 3360 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:13 PM

Posted 21 August 2011 - 07:36 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 leaverj

leaverj
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:13 AM

Posted 22 August 2011 - 02:28 PM

Hi

Log below:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-22 20:26:05
-----------------------------
20:26:05.631 OS Version: Windows x64 6.1.7600
20:26:05.631 Number of processors: 4 586 0x2505
20:26:05.631 ComputerName: LEAVER-TOSH UserName: Leaver
20:26:06.861 Initialize success
20:26:30.721 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:26:30.731 Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 3
20:26:30.741 Disk 0 MBR read successfully
20:26:30.751 Disk 0 MBR scan
20:26:30.751 Disk 0 TDL4@MBR code has been found
20:26:30.761 Disk 0 Windows 7 default MBR code found via API
20:26:30.761 Disk 0 MBR hidden
20:26:30.771 Disk 0 MBR [TDL4] **ROOTKIT**
20:26:30.781 Disk 0 trace - called modules:
20:26:30.781 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006a1e254]<<
20:26:30.791 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a06790]
20:26:30.801 3 CLASSPNP.SYS[fffff88001c8843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a1f050]
20:26:30.811 \Driver\iaStor[0xfffffa8004995760] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006a1e254
20:26:30.811 Scan finished successfully
20:28:09.925 Disk 0 MBR has been saved successfully to "C:\Users\Leaver\Desktop\MBR.dat"
20:28:09.930 The log file has been saved successfully to "C:\Users\Leaver\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:13 PM

Posted 23 August 2011 - 12:08 PM

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note:After the 'Infection fixed successfully' message appears, the machine may became unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:13 PM

Posted 26 August 2011 - 11:44 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:13 PM

Posted 30 August 2011 - 10:19 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users