SVC Host Fake... Agent/Gen/falprod [RE] removed


  • This topic is locked
20 replies to this topic

#1 hh749

hh749

  • Members
  • 34 posts
  • OFFLINE
  • Local time:11:45 AM

Posted 18 August 2011 - 07:43 PM

Hi, I have just come over from the Am I Infected forum, where I have done all that was asked of me. The laptop was crashing every time a scan was started or when the AV tried to update. The Security Center disappeared altogether. Avast isn't showing in the task bar or on the desktop but is in the program files list. Since scanning and removing the viruses found, the laptop was working fairly well for about two hours, then crashed with a blue screen; sorry, I didn't get the code for it. Today when I started it up to do the scans and stuff needed to post here, it took a long time to start, and after signing in the screen was black for about 5 minutes with only the mouse pointer showing before the desktop started up. It has been running very slowly today and everything has taken a long time to do. I'm just hoping that I can post this and it not crash before that, so with that in mind I will post now. Thank you in advance for any help.

This is the link to my previous topic in am i infected.

http://www.bleepingcomputer.com/forums/topic414722.html

I have followed all steps to prepare for posting here and here are the logs requested.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by sara at 2:50:01 on 2011-08-19
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.44.1033.18.2931.1744 [GMT 3:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
uDefault_Page_URL = hxxp://toshiba.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
uRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaReminder.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [KeNotify] "c:\program files\toshiba\utilities\KeNotify.exe" LPCM
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{79796474-EC97-4FCE-B784-812EA5BF6410} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-12 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-8-12 54104]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-28 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek usb 2.0 card reader\RIconMan.exe [2011-8-2 1811456]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-8-2 2320920]
R3 CeKbFilter;CeKbFilter;c:\windows\system32\drivers\CeKbFilter.sys [2011-8-2 17520]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-27 132480]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2011-8-2 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-15 275048]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-8-2 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-5 111960]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-12 441176]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-12 42184]
S2 bfmdnyat;Mouse HID Monitor;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-11-15 6473216]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-11-15 228352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-17 41272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-8-2 182304]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-5-11 124368]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-08-17 19:54:45 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-08-17 19:54:45 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-17 19:54:45 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-08-17 19:54:45 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-08-17 19:54:45 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-08-17 19:48:30 -------- d-----w- c:\program files\MSXML 4.0
2011-08-17 12:51:37 -------- d-----w- c:\users\sara\appdata\roaming\SUPERAntiSpyware.com
2011-08-17 12:50:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-17 12:50:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-17 06:58:15 -------- d-----w- c:\users\sara\appdata\roaming\Malwarebytes
2011-08-17 06:58:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-17 06:58:07 -------- d-----w- c:\programdata\Malwarebytes
2011-08-17 06:58:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 06:58:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-17 06:31:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-08-16 18:22:43 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-16 18:21:56 204288 ----a-w- c:\windows\system32\upnp.dll
2011-08-16 18:21:55 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-08-16 18:21:55 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-08-16 18:21:55 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-08-16 18:21:55 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-08-16 18:21:55 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-08-16 18:21:55 14336 ----a-w- c:\windows\system32\slwga.dll
2011-08-16 18:21:55 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-08-16 18:21:55 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-08-16 18:19:54 6146896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-08-16 18:19:49 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5b3bf85b-b1ef-4e39-a2cb-68be975729ee}\mpengine.dll
2011-08-16 18:19:49 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-16 18:15:05 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-08-16 18:15:05 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-08-16 18:15:05 107520 ----a-w- c:\windows\system32\cdd.dll
2011-08-16 18:14:00 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-16 18:14:00 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-16 18:14:00 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-08-16 18:10:35 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-08-16 18:03:45 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-08-16 18:03:22 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-08-16 18:03:21 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-16 18:03:06 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-08-16 18:03:06 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-08-16 18:03:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-08-16 18:03:01 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-08-16 18:02:53 516096 ----a-w- c:\program files\windows mail\wab.exe
2011-08-16 17:59:57 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-08-16 17:58:51 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-08-16 17:58:51 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-08-16 17:58:38 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-08-16 17:58:38 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-16 17:58:38 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-16 17:58:38 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-16 17:58:38 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-16 17:58:38 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-16 17:58:25 101760 ----a-w- c:\windows\system32\consent.exe
2011-08-16 17:57:49 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-08-16 17:57:49 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-08-16 17:57:42 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-08-16 17:57:41 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-08-16 17:57:39 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-08-16 17:54:49 -------- d-----w- c:\users\sara\appdata\local\Diagnostics
2011-08-14 09:08:19 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-08-12 09:10:29 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-12 09:10:29 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-12 09:10:21 40112 ----a-w- c:\windows\avastSS.scr
2011-08-12 09:10:15 -------- d-----w- c:\programdata\AVAST Software
2011-08-12 09:10:15 -------- d-----w- c:\program files\AVAST Software
2011-08-11 02:34:37 -------- d-----w- c:\users\sara\appdata\local\Microsoft Games
2011-08-07 01:22:07 -------- d-----w- c:\windows\pss
2011-08-03 23:58:12 -------- d-----w- c:\program files\trend micro
2011-08-02 02:46:54 -------- d-----w- c:\users\sara\appdata\local\ElevatedDiagnostics
2011-08-02 02:30:23 -------- d-----w- c:\users\sara\appdata\local\TOSHIBA_Corporation
2011-08-02 02:30:14 -------- d-----w- c:\users\sara\Tracing
2011-08-02 02:26:11 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-08-02 01:48:14 -------- d-----w- c:\users\sara\appdata\local\Toshiba
2011-08-02 00:37:57 -------- d-----w- c:\windows\system32\sda
2011-08-02 00:15:56 -------- d-----w- c:\windows\OemDrv
2011-08-02 00:12:41 -------- d-----w- c:\program files\common files\Toshiba Shared
2011-08-02 00:12:36 275536 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2011-08-02 00:12:35 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-08-02 00:09:55 24064 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2011-08-02 00:07:47 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-08-02 00:07:47 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-08-02 00:07:47 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2011-08-02 00:07:47 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2011-08-02 00:07:47 2707448 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2011-08-02 00:07:47 -------- d-----w- c:\program files\Broadcom
2011-08-02 00:06:19 7367200 ----a-w- c:\windows\system32\RtsUStoricon.dll
2011-08-02 00:06:19 313888 ----a-w- c:\windows\system32\RtsUStor.dll
2011-08-02 00:06:19 182304 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2011-08-02 00:05:58 -------- d-----w- c:\program files\Synaptics
2011-08-02 00:02:31 24576 ----a-w- c:\windows\system32\TSCI.dll
2011-08-02 00:02:31 24576 ----a-w- c:\windows\system32\THCI.dll
2011-08-02 00:02:10 -------- d-----w- c:\windows\system32\Microsoft.VC80.MFC
2011-08-02 00:02:10 -------- d-----w- c:\programdata\vista64
2011-08-02 00:02:09 -------- d-----w- c:\programdata\xp
2011-08-02 00:02:09 -------- d-----w- c:\programdata\win7_64
2011-08-02 00:02:09 -------- d-----w- c:\programdata\win7_32
2011-08-02 00:02:09 -------- d-----w- c:\programdata\vista32
2011-08-02 00:01:56 17520 ----a-w- c:\windows\system32\drivers\CeKbFilter.sys
2011-08-02 00:01:39 49152 ----a-w- c:\windows\system32\HWS_Ctrl.dll
2011-08-02 00:01:39 24576 ----a-w- c:\windows\system32\TSBWLS.dll
2011-08-02 00:00:57 -------- d-----w- c:\windows\Downloaded Installations
2011-08-01 23:58:59 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-08-01 23:58:59 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-08-01 23:58:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-08-01 23:58:59 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-08-01 23:58:59 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-08-01 23:58:59 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-08-01 23:58:57 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-08-01 23:58:57 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-08-01 23:57:05 433176 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-08-01 23:53:58 -------- d-----w- C:\Intel
2011-08-01 23:53:26 -------- d-----w- c:\program files\common files\postureAgent
2011-08-01 23:53:20 41088 ----a-w- c:\windows\system32\drivers\HECI.sys
2011-08-01 23:51:21 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-08-01 23:50:41 -------- d-sh--w- C:\$RECYCLE.BIN
.
==================== Find3M ====================
.
2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-21 05:39:53 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-21 05:36:36 981504 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-21 04:26:02 386048 ----a-w- c:\windows\system32\html.iec
2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:35:34 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
============= FINISH: 2:51:02.43 ===============
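As an added example (not from the thread, and not part of DDS itself), here is a small Python parser for the SERVICES / DRIVERS section of a DDS log that flags the pattern the thread title points at: a service entry whose image path is the system svchost.exe rather than its own binary, combined with a random-looking service name. The sample lines are constructed in the log's format, and the vowel-ratio threshold used to call a name "random-looking" is an assumed heuristic, not a DDS rule.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the DDS "SERVICES / DRIVERS" format. The bfmdnyat entry
# has the same shape as the suspicious one in the log above.
SAMPLE_LINES = r"""
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-12 42184]
S2 bfmdnyat;Mouse HID Monitor;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-17 41272]
""".strip().splitlines()

# One DDS service line: "<R|S><start type> <name>;<display name>;<image path> [<date> <size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"        # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"     # service name ; display name ;
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)

# Image path that is the system svchost.exe (optionally followed by "-k <group>").
SVCHOST_RE = re.compile(r"\\svchost\.exe(\s|$)", re.IGNORECASE)

# Assumed heuristic threshold: English-like names usually have well over a quarter vowels.
MIN_VOWEL_RATIO = 0.25


@dataclass
class ServiceEntry:
    state: str
    start_type: int
    name: str
    display: str
    path: str
    date: str
    size: int


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(m["state"], int(m["start"]), m["name"], m["display"],
                        m["path"], m["date"], int(m["size"]))


def parse_services(lines) -> List[ServiceEntry]:
    """Parse every line that matches the DDS service format, skipping the rest."""
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def looks_random(name: str) -> bool:
    """Heuristic: an all-lowercase alphabetic name of 6+ letters with few vowels."""
    if len(name) < 6 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(1 for c in name if c in "aeiou")
    return vowels / len(name) < MIN_VOWEL_RATIO


def flag_entry(e: ServiceEntry) -> List[str]:
    """Return the reasons (possibly none) this entry deserves a closer look."""
    reasons = []
    if SVCHOST_RE.search(e.path):
        reasons.append("image path is the system svchost.exe, not the service's own binary")
    if looks_random(e.name):
        reasons.append("random-looking service name")
    return reasons


def find_suspicious(lines) -> List[Tuple[ServiceEntry, List[str]]]:
    """Parse the lines and return (entry, reasons) for every flagged service."""
    flagged = []
    for entry in parse_services(lines):
        reasons = flag_entry(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in find_suspicious(SAMPLE_LINES):
        print(f"{entry.name} ({entry.display}): {entry.path}")
        for r in reasons:
            print(f"  - {r}")
```

On the sample above only the bfmdnyat entry is reported, with both reasons; the genuine entries all point at their own executables or drivers and have readable names.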



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:45 PM

Posted 23 August 2011 - 07:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415073 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:45 AM

Posted 23 August 2011 - 10:28 PM

Hello hh749,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 hh749

hh749
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:11:45 AM

Posted 24 August 2011 - 08:47 AM

OK, thank you Fireman4it, I am looking forward to hearing from you and getting this sorted out.

Heather.

#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:45 AM

Posted 24 August 2011 - 05:03 PM

Hello,


Let's begin cleaning your machine.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.5.6.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 hh749

hh749
  • Topic Starter

  • Members
  • 34 posts

Posted 24 August 2011 - 07:42 PM

Here is the TDSS log; I am now going to do the other scans. When it rebooted after the scan it booted a lot quicker than it has been, but then I couldn't get IE to open, then all of a sudden it opened about 4 windows. Don't know what that was all about.

2011/08/25 03:32:26.0413 5756 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/25 03:32:28.0425 5756 ================================================================================
2011/08/25 03:32:28.0425 5756 SystemInfo:
2011/08/25 03:32:28.0425 5756
2011/08/25 03:32:28.0425 5756 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/25 03:32:28.0425 5756 Product type: Workstation
2011/08/25 03:32:28.0425 5756 ComputerName: SARA-TOSH
2011/08/25 03:32:28.0425 5756 UserName: sara
2011/08/25 03:32:28.0425 5756 Windows directory: C:\Windows
2011/08/25 03:32:28.0425 5756 System windows directory: C:\Windows
2011/08/25 03:32:28.0425 5756 Processor architecture: Intel x86
2011/08/25 03:32:28.0425 5756 Number of processors: 4
2011/08/25 03:32:28.0425 5756 Page size: 0x1000
2011/08/25 03:32:28.0425 5756 Boot type: Normal boot
2011/08/25 03:32:28.0425 5756 ================================================================================
2011/08/25 03:32:28.0784 5756 Initialize success
2011/08/25 03:32:37.0941 1240 ================================================================================
2011/08/25 03:32:37.0941 1240 Scan started
2011/08/25 03:32:37.0941 1240 Mode: Manual;
2011/08/25 03:32:37.0941 1240 ================================================================================
2011/08/25 03:33:11.0153 1240 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/08/25 03:33:11.0153 1240 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/25 03:33:11.0169 1240 Boot (0x1200) (9e2c88349e2740f9c621b2ad7e2b7876) \Device\Harddisk0\DR0\Partition0
2011/08/25 03:33:11.0200 1240 Boot (0x1200) (579071abb62891f99b850a0b38537e99) \Device\Harddisk0\DR0\Partition1
2011/08/25 03:33:11.0216 1240 ================================================================================
2011/08/25 03:33:11.0216 1240 Scan finished
2011/08/25 03:33:11.0216 1240 ================================================================================
2011/08/25 03:33:11.0216 1836 Detected object count: 1
2011/08/25 03:33:11.0216 1836 Actual detected object count: 1
2011/08/25 03:34:04.0162 1836 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/25 03:34:04.0162 1836 \Device\Harddisk0\DR0 - ok
2011/08/25 03:34:04.0162 1836 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/25 03:34:07.0392 5744 Deinitialize success

#7 hh749
  • Topic Starter
  • Members
  • 34 posts

Posted 24 August 2011 - 07:48 PM

Just a quick question before I start the ComboFix: how will I know if the antivirus is disabled or not when I don't have any icons to click to be able to disable it? Avast is not showing in the task bar and its icon isn't showing in the program shortcuts; if I go to the Start menu and click on the Avast icon it does nothing, so I'm not able to tell if Avast is running or not. And also Windows is still asking me to download antivirus software online as it isn't recognizing that I have Avast installed. I don't want to start the ComboFix while this isn't sorted first.

#8 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 24 August 2011 - 08:25 PM

Hello,

Please run the following and try to see if the Avast icon will work now. If not, then proceed with ComboFix.

1.
Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

2.
Please download and run unhide.exe.


Now try Avast before running ComboFix. If it still does not work, then proceed with ComboFix.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 hh749
  • Topic Starter
  • Members
  • 34 posts

Posted 24 August 2011 - 08:28 PM

OK, I'll do that now, thank you.

#10 hh749
  • Topic Starter
  • Members
  • 34 posts

Posted 24 August 2011 - 09:02 PM

Hi, I tried the top fixes you suggested before running ComboFix; neither worked on getting the Avast icons to work, so I went ahead and ran the ComboFix. After it rebooted, and while I was waiting for the txt file to open, I got a couple of messages come up, one of which was "application has generated an exception that cannot be completed", or almost that, sorry I couldn't get it all; then it gave this info: process ID=oxcb8(3256) thread ID=oxcbc(3260). I don't know if that is any use to you or not, I just want to make sure I give you all the info I can. There was also something from "Microsoft frame network" which I could not get written down, and also one about a file that was marked for deletion.

Here is the txt file from ComboFix.

ComboFix 11-08-24.06 - sara 25/08/2011 4:43.1.4 - x86
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.44.1033.18.2931.1996 [GMT 3:00]
Running from: c:\users\sara\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\sara\AppData\Local\Temp\AB.tmp
c:\windows\system32\oem30.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-25 01:47 . 2011-08-25 01:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-18 23:47 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-08-18 23:47 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-08-18 23:47 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-08-17 19:54 . 2009-11-25 09:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-08-17 19:54 . 2009-11-25 09:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-17 19:54 . 2009-11-25 09:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-08-17 19:54 . 2009-11-25 09:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-08-17 19:54 . 2009-11-25 09:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-08-17 19:48 . 2011-08-17 19:48 -------- d-----w- c:\program files\MSXML 4.0
2011-08-17 12:50 . 2011-08-17 12:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-17 12:50 . 2011-08-17 12:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-17 06:58 . 2011-07-08 04:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-17 06:58 . 2011-08-17 06:58 -------- d-----w- c:\programdata\Malwarebytes
2011-08-17 06:58 . 2011-08-17 20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-17 06:58 . 2011-07-08 04:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 06:31 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-08-16 18:26 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-16 18:26 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-16 18:22 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-16 18:21 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-08-16 18:21 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-08-16 18:21 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-08-16 18:21 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-08-16 18:21 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-08-16 18:21 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-08-16 18:21 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-08-16 18:21 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-08-16 18:21 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-08-16 18:19 . 2011-07-20 06:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B3BF85B-B1EF-4E39-A2CB-68BE975729EE}\mpengine.dll
2011-08-16 18:19 . 2011-05-24 16:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-16 18:15 . 2011-02-03 05:32 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-08-16 18:15 . 2011-02-03 05:32 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-08-16 18:15 . 2011-02-03 05:15 107520 ----a-w- c:\windows\system32\cdd.dll
2011-08-16 18:14 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-08-16 18:10 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-16 18:03 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-08-16 18:03 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-08-16 18:03 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-16 18:03 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-08-16 18:03 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-08-16 18:03 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-08-16 18:03 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-08-16 18:02 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2011-08-16 17:59 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-08-16 17:58 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-08-16 17:58 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-08-16 17:58 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-16 17:58 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-16 17:58 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-16 17:58 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-16 17:58 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-16 17:58 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-16 17:58 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2011-08-16 17:57 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-08-16 17:57 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-08-16 17:57 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-08-16 17:57 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-08-16 17:57 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-08-14 09:08 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-08-12 09:10 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-12 09:10 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-12 09:10 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-12 09:10 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-12 09:10 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-12 09:10 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-12 09:10 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-12 09:10 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-12 09:10 . 2011-08-12 09:10 -------- d-----w- c:\programdata\AVAST Software
2011-08-12 09:10 . 2011-08-12 09:10 -------- d-----w- c:\program files\AVAST Software
2011-08-03 23:58 . 2011-08-03 23:58 -------- d-----w- c:\program files\trend micro
2011-08-03 23:58 . 2011-08-03 23:58 -------- d-----w- C:\rsit
2011-08-03 23:53 . 2011-08-03 23:54 -------- d-----w- c:\program files\ERUNT
2011-08-02 02:26 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-08-02 01:42 . 2011-08-18 23:44 -------- d-----w- c:\users\sara
2011-08-02 00:37 . 2011-08-02 00:37 -------- d-----w- c:\windows\system32\sda
2011-08-02 00:15 . 2011-08-02 00:15 -------- d-----w- c:\windows\OemDrv
2011-08-02 00:12 . 2011-08-02 00:12 -------- d-----w- c:\windows\system32\Macromed
2011-08-02 00:12 . 2011-08-02 00:12 -------- d-----w- c:\program files\Common Files\Toshiba Shared
2011-08-02 00:12 . 2010-05-08 14:38 275536 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2011-08-02 00:12 . 2009-03-09 11:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-08-02 00:09 . 2009-06-22 13:04 24064 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2011-08-02 00:09 . 2011-08-02 00:12 -------- d-----w- c:\programdata\Toshiba
2011-08-02 00:07 . 2011-08-02 00:07 -------- d-----w- c:\program files\Broadcom
2011-08-02 00:07 . 2011-08-02 00:07 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-08-02 00:07 . 2011-08-02 00:07 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-08-02 00:07 . 2011-08-02 00:07 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2011-08-02 00:07 . 2011-08-02 00:07 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2011-08-02 00:07 . 2011-08-02 00:07 2707448 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2011-08-02 00:06 . 2010-01-07 05:05 182304 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2011-08-02 00:06 . 2010-01-07 05:05 7367200 ----a-w- c:\windows\system32\RtsUStoricon.dll
2011-08-02 00:06 . 2010-01-07 05:05 313888 ----a-w- c:\windows\system32\RtsUStor.dll
2011-08-02 00:05 . 2011-08-02 00:05 -------- d-----w- c:\program files\Synaptics
2011-08-02 00:02 . 1999-10-12 14:47 24576 ----a-w- c:\windows\system32\TSCI.dll
2011-08-02 00:02 . 1999-10-12 14:45 24576 ----a-w- c:\windows\system32\THCI.dll
2011-08-02 00:02 . 2011-08-02 00:02 -------- d-----w- c:\windows\system32\Microsoft.VC80.MFC
2011-08-02 00:02 . 2011-08-02 00:02 -------- d-----w- c:\programdata\vista64
2011-08-02 00:02 . 2011-08-02 00:04 -------- d-----w- c:\programdata\win7_32
2011-08-02 00:02 . 2011-08-02 00:02 -------- d-----w- c:\programdata\vista32
2011-08-02 00:02 . 2011-08-02 00:02 -------- d-----w- c:\programdata\win7_64
2011-08-02 00:01 . 2011-08-02 00:01 17520 ----a-w- c:\windows\system32\drivers\CeKbFilter.sys
2011-08-02 00:01 . 2010-10-22 05:52 49152 ----a-w- c:\windows\system32\HWS_Ctrl.dll
2011-08-02 00:01 . 2010-03-04 12:44 24576 ----a-w- c:\windows\system32\TSBWLS.dll
2011-08-02 00:00 . 2011-08-02 00:11 -------- d-----w- c:\windows\Downloaded Installations
2011-08-01 23:58 . 2011-08-01 23:58 -------- d-----w- c:\program files\Common Files\InstallShield
2011-08-01 23:57 . 2010-01-15 08:06 433176 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-08-01 23:53 . 2011-08-01 23:53 -------- d-----w- C:\Intel
2011-08-01 23:53 . 2011-08-01 23:53 -------- d-----w- c:\program files\Common Files\postureAgent
2011-08-01 23:53 . 2009-09-17 08:54 41088 ----a-w- c:\windows\system32\drivers\HECI.sys
2011-08-01 23:51 . 2011-08-01 23:57 -------- d-----w- c:\program files\Intel
2011-08-01 23:51 . 2009-11-18 12:03 53248 ----a-w- c:\windows\system32\CSVer.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 01:43 . 2010-06-24 07:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2010-09-28 521640]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 611672]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-07-09 31648]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-04-23 467816]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-10 1697064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-19 163840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-07-28 1493608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 170520]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-02 1234216]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 136216]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 171032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-05-08 742776]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-08 1047656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 aswSnx;aswSnx; [x]
R2 aswFsBlk;aswFsBlk;aswFsBlk.sys [x]
R2 bfmdnyat;Mouse HID Monitor;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-05 6473216]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-05 228352]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-08 41272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 182304]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2011-08-02 17520]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bfmdnyat
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://toshiba.msn.com
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-08-25 04:51:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-25 01:51
.
Pre-Run: 226,808,737,792 bytes free
Post-Run: 226,486,595,584 bytes free
.
- - End Of File - - 2B962E6C6CE03747ECBAA510226D2BEF

I still have no icon for Avast and it's still not in the task bar, so I still have no idea if it's running or even installed or not.
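The ComboFix log above contains the entry that gives this thread its title: `R2 bfmdnyat;Mouse HID Monitor;c:\windows\System32\svchost.exe`, a service with a random-looking name whose image is the legitimate svchost.exe, and the same name again under `Svchost - NetSvcs`, a section that falls under the log's own note that only non-default entries are shown. The script below is an added example written for this thread, not ComboFix's own code: it parses those two parts of a ComboFix log and reports every svchost-hosted service together with the svchost groups it is listed in. SAMPLE_LOG is built from lines copied from the log above; nothing here touches the registry.

```python
"""Cross-check ComboFix 'Reg Loading Points' output for services hosted by
svchost.exe. Added example for this thread, not ComboFix's own code; it only
reads the log text and does not touch the registry."""
import re
from typing import Dict, List

# Sample input: lines copied from the ComboFix log posted above. Only the
# bfmdnyat entry is hosted by svchost.exe; the others are here so the
# filter has something to ignore.
SAMPLE_LOG = r"""
R2 aswFsBlk;aswFsBlk;aswFsBlk.sys [x]
R2 bfmdnyat;Mouse HID Monitor;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-05 6473216]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bfmdnyat
.
Contents of the 'Scheduled Tasks' folder
"""

# "R2 name;display name;image path [date size]" (or "[x]" when the file is missing)
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*)$")
# "GroupName REG_MULTI_SZ member member ..." under the svchost key
MULTI_SZ_RE = re.compile(r"^(\w+)\s+REG_MULTI_SZ\s+(.*)$")
# "...\Svchost - GroupName" header followed by one member per line up to a "." line
GROUP_HDR_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - (\w+)$",
    re.IGNORECASE,
)


def parse_services(log: str) -> Dict[str, Dict[str, str]]:
    """Map service name -> start type, display name and image path."""
    services: Dict[str, Dict[str, str]] = {}
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        start, name, display, rest = m.groups()
        # Drop ComboFix's trailing "[date size]" / "[x]" marker to keep only the path.
        image = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest).strip()
        services[name] = {"start": start, "display": display, "image": image}
    return services


def parse_svchost_groups(log: str) -> Dict[str, List[str]]:
    """Map svchost group name -> member service names, from both layouts ComboFix prints."""
    groups: Dict[str, List[str]] = {}
    lines = [line.strip() for line in log.splitlines()]
    i = 0
    while i < len(lines):
        m = MULTI_SZ_RE.match(lines[i])
        if m:
            groups.setdefault(m.group(1), []).extend(m.group(2).split())
        m = GROUP_HDR_RE.match(lines[i])
        if m:
            members = groups.setdefault(m.group(1), [])
            i += 1
            while i < len(lines) and lines[i] not in ("", "."):
                members.append(lines[i])
                i += 1
            continue
        i += 1
    return groups


def find_svchost_hosted(log: str) -> List[Dict[str, object]]:
    """Return every service whose image is svchost.exe, with the groups it was listed in."""
    services = parse_services(log)
    groups = parse_svchost_groups(log)
    findings: List[Dict[str, object]] = []
    for name, info in services.items():
        image = info["image"].lower()
        if image != "svchost.exe" and not image.endswith("\\svchost.exe"):
            continue
        listed_in = [g for g, members in groups.items()
                     if name.lower() in {m.lower() for m in members}]
        findings.append({"name": name, "display": info["display"],
                         "start": info["start"], "groups": listed_in})
    return findings


if __name__ == "__main__":
    for f in find_svchost_hosted(SAMPLE_LOG):
        print(f"{f['start']} {f['name']} ({f['display']}) hosted by svchost.exe, "
              f"listed in group(s): {', '.join(f['groups']) or 'none shown'}")
```

A service hosted by svchost.exe is not suspicious on its own, since Windows runs dozens that way, so treat the output as a review list rather than a verdict. On a live machine the next check is the service's ServiceDll value under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters, because that DLL, not svchost.exe, is the code actually loaded; ComboFix does not print it.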

#11 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts

Posted 24 August 2011 - 10:16 PM

Hello,


Your logs look good. Let's uninstall Avast and reinstall it. It may have become corrupted.

1.

Uninstall Avast!


You should be able to remove Avast! products via Start > Control Panel > Add or Remove Programs.
If you need instructions on how to do so, please consult: How To Remove An Installed Program From Your Computer

The following removal utility can be used to uninstall the program if the uninstall via Add/remove does not work:

  • Download aswClear.exe on to your desktop.
  • Start Windows in Safe Mode.
  • Run aswClear.exe.
  • If you installed Avast! in a different folder than the default, browse for it.
    (Note: Be careful! The content of any folder you choose will be deleted!)
  • Click REMOVE.
  • Restart your computer.
Avast! should now be removed from your PC.


Original instructions can be found here:
http://www.avast.com/eng/faq-install-uninstall-avast.html

2.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, type 1 (SCAN) then Enter
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

3.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

4.
Windows 7 includes a disk checking tool called CHKDSK which is similar to the "scandisk" tool from older versions of Windows. This application scans your hard drives for errors such as lost sectors, bad sectors and corruption.

You can launch CHKDSK using two methods (the former being the easiest):

Graphical Interface:

Open the Computer option from the Start menu, which will display all of the drives available to scan on your PC.

Then, right click on the drive you wish to scan for errors and select Properties.

Now click the Tools menu, then Check Now under the error-checking section.

You have several options within the check disk tool. It is always recommended you leave the "automatically fix file system errors" box checked, as this repairs any problems found. If you want to perform a deeper scan, tick "scan for and attempt recovery of bad sectors". This second option takes longer, but is worth doing if you suspect a drive problem. Once configured, click Start.

If you try to check a disk that is currently in use, you will receive a message asking if you wish to schedule a scan. Accepting this will perform the scan next time you restart your PC.

Things to include in your next reply:
Roguekiller log
MBAM log
How is your machine running now?



#12 hh749
  • Topic Starter
  • Members
  • 34 posts

Posted 25 August 2011 - 10:32 AM

Hi, another quick question: I have just used aswClear to remove Avast as it wasn't even in Add and Remove. Restarting the system now; should I install Avast before doing the other things or leave it till after? I haven't started it up yet as I don't want it to be online without AV protection, not now we are getting close to finishing with cleaning it.

Also I'd like to know, should I uninstall Malwarebytes, which I installed for a fix earlier in the Am I Infected forum, then download it again, rename it and install it, or should I just use it as is? This one was installed from CD as at the time I couldn't download it directly.

Edited by hh749, 25 August 2011 - 11:18 AM.


#13 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts

Posted 25 August 2011 - 06:35 PM

Hello,

Hi, another quick question: I have just used aswClear to remove Avast as it wasn't even in Add and Remove. Restarting the system now; should I install Avast before doing the other things or leave it till after? I haven't started it up yet as I don't want it to be online without AV protection, not now we are getting close to finishing with cleaning it.

I would leave it off until after you complete the other scans then install it.

Also I'd like to know, should I uninstall Malwarebytes, which I installed for a fix earlier in the Am I Infected forum, then download it again, rename it and install it, or should I just use it as is? This one was installed from CD as at the time I couldn't download it directly.


You can use the existing one, just make sure to update it before running it.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.



#14 hh749

hh749
  • Topic Starter

  • Members
  • 34 posts
  • Local time:11:45 AM

Posted 25 August 2011 - 08:04 PM

Here is the RogueKiller log; just going to do the Malwarebytes scan now.

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: sara [Admin rights]
Mode: Scan -- Date : 08/26/2011 04:01:27

Bad processes: 0

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt
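The HOSTS section of the report above contains only the loopback mapping for localhost, which is what a clean Windows HOSTS file looks like; a hijacked one typically adds lines that point update or vendor sites at 0.0.0.0, 127.0.0.1 or some other address. The following is an added example, not part of the forum post and not RogueKiller's own code: it parses the "HOSTS File:" section in the layout the report shows (section header, one entry per line, terminated by a blank line) and flags every entry that is not a loopback address mapped to a localhost-style name. The report text it runs on is constructed for the example, and the flagged vendor host name is a placeholder under the reserved .invalid domain.

```python
# Added example: flag unexpected HOSTS-file entries in a RogueKiller-style report.
# Assumes the report layout shown in the thread: a "HOSTS File:" header line,
# one HOSTS entry per line, section ended by a blank line.
import ipaddress

# Constructed sample report (not a real log); only the HOSTS section is used.
SAMPLE_REPORT = """\
Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost
::1 localhost
# comment line, ignored like a real HOSTS comment
0.0.0.0 updates.example-av-vendor.invalid

Finished : << RKreport[1].txt >>
"""

# Names that are legitimately mapped to a loopback address on a clean system.
LOOPBACK_NAMES = {"localhost"}


def extract_hosts_section(report: str) -> list[str]:
    """Return the lines between 'HOSTS File:' and the next blank line."""
    lines = report.splitlines()
    try:
        start = next(i for i, line in enumerate(lines) if line.strip() == "HOSTS File:")
    except StopIteration:
        return []  # no HOSTS section in this report
    section = []
    for line in lines[start + 1:]:
        if not line.strip():
            break
        section.append(line.rstrip())
    return section


def parse_hosts_line(line: str):
    """Split a HOSTS line into (address, [names]); None for comments or blanks."""
    body = line.split("#", 1)[0].strip()  # drop trailing comments
    parts = body.split()
    if len(parts) < 2:
        return None
    return parts[0], parts[1:]


def suspicious_hosts_entries(report: str) -> list[str]:
    """Return HOSTS lines that are anything other than loopback -> localhost.

    This catches the common hijack patterns: a vendor or update host name
    pointed at 0.0.0.0 / 127.0.0.1 (blocking it), or at a non-loopback
    address (redirecting it), and also malformed address fields.
    """
    flagged = []
    for line in extract_hosts_section(report):
        parsed = parse_hosts_line(line)
        if parsed is None:
            continue
        address, names = parsed
        try:
            addr = ipaddress.ip_address(address)
        except ValueError:
            flagged.append(line)  # not a valid IP at all: worth a look
            continue
        if addr.is_loopback and all(name in LOOPBACK_NAMES for name in names):
            continue  # the one mapping a clean HOSTS file is expected to have
        flagged.append(line)
    return flagged


if __name__ == "__main__":
    for entry in suspicious_hosts_entries(SAMPLE_REPORT):
        print("suspicious HOSTS entry:", entry)
```

Run against the report in the post above, which has only `127.0.0.1 localhost`, the function returns an empty list; on the constructed sample it flags the `0.0.0.0` line. Note that `0.0.0.0` is deliberately not treated as loopback, since mapping a name to it is the usual way a HOSTS file is used to block a site.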

#15 hh749

hh749
  • Topic Starter

  • Members
  • 34 posts
  • Local time:11:45 AM

Posted 25 August 2011 - 08:12 PM

Here is the Malwarebytes log.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7571

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26/08/2011 04:10:18
mbam-log-2011-08-26 (04-10-18).txt

Scan type: Quick scan
Objects scanned: 158304
Time elapsed: 2 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The laptop is running a lot better now; it hasn't crashed at all since removing all of the rubbish from it, and things are a lot better. Avast has installed OK and is running and shows in all the places it should. It updated and performed its first scan. So things are not bad, considering.

Edited by hh749, 25 August 2011 - 08:29 PM.
