
80000032.$ and kwrd.dll possible trojan infection


  • This topic is locked
9 replies to this topic

#1 carstraft

carstraft

  • Members
  • 30 posts
  • OFFLINE
  • Local time:09:28 PM

Posted 26 September 2011 - 05:35 PM

I am having these problems, I already posted about it in the "Am I Infected?" section, and they told me to post here for help.

Here is the original thread: http://www.bleepingcomputer.com/forums/topic420586.html
Please see the original thread/post for more information on the problem.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Kyle at 17:26:06 on 2011-09-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2479 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agr64svc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1CB61589-123D-4B41-8095-1219C2191127} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1CB61589-123D-4B41-8095-1219C2191127}\16474777966696 : DhcpNameServer = 192.168.128.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{1CB61589-123D-4B41-8095-1219C2191127}\3707279636B6564737 : DhcpNameServer = 204.89.253.1 204.89.253.2
TCP: Interfaces\{1CB61589-123D-4B41-8095-1219C2191127}\472796E696479723 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{1CB61589-123D-4B41-8095-1219C2191127}\9455027457563747 : DhcpNameServer = 129.79.1.1 129.79.5.100 129.79.8.50
TCP: Interfaces\{1CB61589-123D-4B41-8095-1219C2191127}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E80BF325-35E0-4C1F-847F-77237049A80C} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\nj4z0dl8.default\
FF - component: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\nj4z0dl8.default\extensions\firesheep@codebutler.com\platform\WINNT_x86-msvc\components\mozpopen.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa2.dll
FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS --> C:\Windows\system32\DRIVERS\Thpevm.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-8-18 20544]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-14 251392]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-17 84480]
R2 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-4-9 803696]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-29 136824]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-8-26 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-16 135664]
S2 Secunia Update Agent;Secunia Update Agent;"C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service --> C:\Program Files (x86)\Secunia\PSI\sua.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-16 135664]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2011-09-26 08:07:13 -------- d-----we C:\Windows\system64
2011-09-16 03:00:39 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-09-16 03:00:38 -------- d-----w- C:\Program Files (x86)\Steam
2011-09-15 07:13:00 -------- d-----w- C:\Program Files (x86)\X-Chat 2
2011-09-12 22:40:50 -------- d-----w- C:\Users\Kyle\AppData\Local\Secunia PSI
2011-09-12 22:40:42 -------- d-----w- C:\Program Files (x86)\Secunia
2011-09-09 22:04:53 140800 ----a-w- C:\Windows\SysWow64\tm20dec.ax
2011-09-09 22:04:20 304128 ----a-w- C:\Windows\IsUninst.exe
2011-09-09 22:00:35 -------- d-----w- C:\Program Files (x86)\Final Fantasy VII
.
==================== Find3M ====================
.
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-23 23:23:48 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-05 23:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 23:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-07-01 18:55:56 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-01 18:55:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2010-01-26 22:22:14 4636488 ----a-w- C:\Program Files (x86)\Common Files\Samsung_Mobile_USB_Driver(V5.2)_V1.2.1060.0.exe
.
============= FINISH: 17:26:46.24 ===============



I am running 64-bit Windows, so I did not run GMER since the preparation guide said it was only for 32-bit users. But in my original thread, the person helping me posted what I assume was a 64-bit version of GMER and I was able to run it and post a log. If you want me to use that and post a log, let me know! Thanks!


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:28 PM

Posted 01 October 2011 - 09:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


Please run the DDS tool again. I'm having difficulties reading it in the present format.

Post the log but before you do, remove the WordWrap function from NotePad.
You will find this under the Format Menu.
This will eliminate all the blank lines in your log and make it possible for me to analyse your log.

Please post the logs and let me know what problem persists.
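A word-wrapped DDS log can also be repaired after the fact instead of being re-run. The script below is an added example, not part of this thread and not code from the DDS or TDSSKiller tools. It relies on one property of DDS output (sections are separated by a lone "." and DDS never emits blank lines, so every blank line marks a place where Notepad broke a line) and on a heuristic, which is an assumption of this example, for deciding whether the break fell inside a path, URL or GUID (glue the halves) or replaced a real space. It then splits the repaired log into its "=== Title ===" sections and, going a step beyond the post, applies a first-pass triage check that lists running processes whose image is outside the Windows and Program Files trees. The sample input is constructed from a few lines of the log above plus one made-up process path that is not from the thread.

```python
import re

# Characters after which a wrap can split a path, URL or GUID without a space
# ever having been there; the halves are glued back together directly.
NO_SPACE_TAIL = set('\\/?=({[')

# Image roots treated as "expected" for the triage check (assumption of this
# example; a process elsewhere is not necessarily malicious, only worth a look).
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')


def _join(prev: str, nxt: str) -> str:
    """Join one wrapped line with its continuation (heuristic, see lead-in)."""
    if not prev:
        return nxt
    if not nxt:
        return prev
    tail, head = prev[-1], nxt[0]
    if tail in NO_SPACE_TAIL:
        return prev + nxt
    if tail == '-' and len(prev) > 1 and not prev[-2].isspace():
        return prev + nxt          # "jinstall-1_6_0_26-" + "windows-i586.cab"
    if head in '\\/':
        return prev + nxt          # "Symantec Shared" + "\\ccApp.exe"
    if head == '-' and tail.isalnum():
        return prev + nxt          # "{48E73304" + "-E1D6-4330-..."
    return prev + ' ' + nxt        # 'Steam.exe"' + '-silent', "Endpoint" + "Protection\\Smc.exe"


def unwrap_dds_log(text: str) -> list[str]:
    """Rejoin a DDS log whose lines were split by Notepad's word wrap.

    DDS separates sections with a lone '.' and never prints blank lines, so a
    blank line is taken as a wrap point: the next non-blank line is a
    continuation of the last line already collected.
    """
    out: list[str] = []
    pending_join = False
    for line in text.splitlines():
        if line.strip() == '':
            pending_join = bool(out)
            continue
        if pending_join:
            out[-1] = _join(out[-1], line)
            pending_join = False
        else:
            out.append(line)
    return out


def dds_sections(lines: list[str]) -> dict[str, list[str]]:
    """Group unwrapped DDS lines under their '=== Title ===' headers."""
    sections: dict[str, list[str]] = {'Header': []}
    current = 'Header'
    for line in lines:
        m = re.fullmatch(r'=+\s*(.+?)\s*=+', line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line != '.':
            sections[current].append(line)
    return sections


def processes_outside_trusted_roots(lines: list[str]) -> list[str]:
    """Running Processes entries whose image path is not under a trusted root."""
    procs = dds_sections(lines).get('Running Processes', [])
    return [p for p in procs if not p.lower().startswith(TRUSTED_ROOTS)]


# Constructed sample in the shape of the wrapped log above; the C:\Users\...
# entry is made up for this example and does not appear in the thread.
SAMPLE = r"""
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion:

1.6.0_26
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Symantec\Symantec Endpoint

Protection\Smc.exe
C:\Users\Example\AppData\Local\Temp\updater.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe"

-silent
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-

windows-i586.cab
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304

-E1D6-4330-914C-F5F514E3486C} - C:

\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
""".lstrip('\n')

if __name__ == '__main__':
    repaired = unwrap_dds_log(SAMPLE)
    print('\n'.join(repaired))
    print('\nProcesses outside trusted roots:')
    for p in processes_outside_trusted_roots(repaired):
        print(' ', p)
```

Run it as `python unwrap_dds.py < wrapped_log.txt` after swapping `SAMPLE` for `sys.stdin.read()`. The join heuristic cannot recover a break that fell inside a plain word (the `cmsid` / `ewiki.html` split in the log above is one such case), so a repaired log is a convenience for reading, and the helper's request for a fresh, unwrapped log remains the reliable route.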

#3 carstraft

carstraft
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:09:28 PM

Posted 01 October 2011 - 03:52 PM

Hello nasdaq, sorry about that, I didn't realize I had word wrap on!
Here's some more specific information on what my computer is doing, since it's been a few days I've been able to notice the little pattern. Every time I turn my computer on, Symantec will detect the kwrd.dll file and quarantine it immediately, and then it'll start detecting 80000032.$ and quarantining it, over and over and over again.

I've also noticed that whenever I close my laptop and it enters its sleep/hibernation mode, most of the time it will end up locking up. This has been forcing me to turn it off by holding the power button. Not sure if it's related or what, but it didn't start doing this until these supposed trojans started appearing.

Edit - I just noticed that it's now also detecting/quarantining "800000c0.$". It's behaving like 80000032.$ in a way that it's constantly being detected and quarantined.

Here is the tdss log:

15:40:42.0374 3896 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
15:40:42.0982 3896 ============================================================
15:40:42.0982 3896 Current date / time: 2011/10/01 15:40:42.0982
15:40:42.0982 3896 SystemInfo:
15:40:42.0982 3896
15:40:42.0982 3896 OS Version: 6.1.7601 ServicePack: 1.0
15:40:42.0982 3896 Product type: Workstation
15:40:42.0982 3896 ComputerName: KILLBOT
15:40:42.0982 3896 UserName: Kyle
15:40:42.0982 3896 Windows directory: C:\Windows
15:40:42.0982 3896 System windows directory: C:\Windows
15:40:42.0982 3896 Running under WOW64
15:40:42.0982 3896 Processor architecture: Intel x64
15:40:42.0982 3896 Number of processors: 2
15:40:42.0983 3896 Page size: 0x1000
15:40:42.0983 3896 Boot type: Normal boot
15:40:42.0983 3896 ============================================================
15:40:43.0639 3896 Initialize success
15:40:46.0882 5080 ============================================================
15:40:46.0882 5080 Scan started
15:40:46.0882 5080 Mode: Manual;
15:40:46.0882 5080 ============================================================
15:40:47.0692 5080 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:40:47.0707 5080 1394ohci - ok
15:40:47.0845 5080 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:40:47.0850 5080 ACPI - ok
15:40:47.0988 5080 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:40:48.0010 5080 AcpiPmi - ok
15:40:48.0172 5080 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:40:48.0239 5080 adp94xx - ok
15:40:48.0398 5080 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:40:48.0465 5080 adpahci - ok
15:40:48.0620 5080 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:40:48.0646 5080 adpu320 - ok
15:40:48.0842 5080 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
15:40:48.0848 5080 AFD - ok
15:40:49.0048 5080 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
15:40:49.0095 5080 AgereSoftModem - ok
15:40:49.0409 5080 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:40:49.0441 5080 agp440 - ok
15:40:49.0632 5080 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:40:49.0661 5080 aliide - ok
15:40:49.0784 5080 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:40:49.0804 5080 amdide - ok
15:40:49.0919 5080 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:40:49.0950 5080 AmdK8 - ok
15:40:50.0037 5080 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:40:50.0068 5080 AmdPPM - ok
15:40:50.0159 5080 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:40:50.0184 5080 amdsata - ok
15:40:50.0264 5080 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:40:50.0319 5080 amdsbs - ok
15:40:50.0452 5080 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:40:50.0478 5080 amdxata - ok
15:40:50.0548 5080 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
15:40:50.0571 5080 androidusb - ok
15:40:50.0645 5080 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:40:50.0669 5080 AppID - ok
15:40:50.0876 5080 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:40:50.0900 5080 arc - ok
15:40:50.0958 5080 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:40:50.0980 5080 arcsas - ok
15:40:51.0034 5080 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:40:51.0034 5080 AsyncMac - ok
15:40:51.0192 5080 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:40:51.0216 5080 atapi - ok
15:40:51.0323 5080 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:40:51.0401 5080 b06bdrv - ok
15:40:51.0468 5080 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:40:51.0495 5080 b57nd60a - ok
15:40:51.0563 5080 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:40:51.0564 5080 Beep - ok
15:40:51.0618 5080 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:40:51.0620 5080 blbdrive - ok
15:40:51.0698 5080 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:40:51.0699 5080 bowser - ok
15:40:51.0762 5080 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:40:51.0786 5080 BrFiltLo - ok
15:40:51.0811 5080 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:40:51.0832 5080 BrFiltUp - ok
15:40:51.0872 5080 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:40:51.0874 5080 Bridge - ok
15:40:51.0896 5080 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:40:51.0898 5080 BridgeMP - ok
15:40:51.0951 5080 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:40:52.0007 5080 Brserid - ok
15:40:52.0052 5080 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:40:52.0081 5080 BrSerWdm - ok
15:40:52.0153 5080 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:40:52.0174 5080 BrUsbMdm - ok
15:40:52.0210 5080 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:40:52.0231 5080 BrUsbSer - ok
15:40:52.0300 5080 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:40:52.0323 5080 BTHMODEM - ok
15:40:52.0412 5080 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:40:52.0438 5080 cdfs - ok
15:40:52.0520 5080 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:40:52.0545 5080 cdrom - ok
15:40:52.0652 5080 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:40:52.0675 5080 circlass - ok
15:40:52.0742 5080 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:40:52.0747 5080 CLFS - ok
15:40:52.0912 5080 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:40:52.0913 5080 CmBatt - ok
15:40:52.0964 5080 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:40:52.0986 5080 cmdide - ok
15:40:53.0056 5080 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:40:53.0110 5080 CNG - ok
15:40:53.0155 5080 COH_Mon (e2a019a8cef1b9184f72bf8fa74ad20c) C:\Windows\system32\Drivers\COH_Mon.sys
15:40:53.0179 5080 COH_Mon - ok
15:40:53.0269 5080 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:40:53.0294 5080 Compbatt - ok
15:40:53.0370 5080 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:40:53.0371 5080 CompositeBus - ok
15:40:53.0412 5080 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:40:53.0438 5080 crcdisk - ok
15:40:53.0554 5080 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:40:53.0555 5080 DfsC - ok
15:40:53.0607 5080 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:40:53.0608 5080 discache - ok
15:40:53.0652 5080 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:40:53.0676 5080 Disk - ok
15:40:53.0770 5080 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:40:53.0828 5080 drmkaud - ok
15:40:53.0910 5080 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:40:53.0920 5080 DXGKrnl - ok
15:40:53.0989 5080 easytether - ok
15:40:54.0114 5080 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:40:54.0240 5080 ebdrv - ok
15:40:55.0893 5080 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:40:55.0898 5080 eeCtrl - ok
15:40:57.0145 5080 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:40:57.0189 5080 elxstor - ok
15:40:58.0338 5080 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:40:58.0340 5080 EraserUtilRebootDrv - ok
15:40:59.0061 5080 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:40:59.0145 5080 ErrDev - ok
15:41:00.0430 5080 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:41:00.0456 5080 exfat - ok
15:41:00.0995 5080 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:41:00.0997 5080 fastfat - ok
15:41:01.0543 5080 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:41:01.0566 5080 fdc - ok
15:41:02.0865 5080 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:41:02.0894 5080 FileInfo - ok
15:41:03.0469 5080 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:41:03.0496 5080 Filetrace - ok
15:41:04.0315 5080 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:41:04.0337 5080 flpydisk - ok
15:41:05.0408 5080 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:41:05.0411 5080 FltMgr - ok
15:41:06.0812 5080 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:41:06.0824 5080 FsDepends - ok
15:41:07.0242 5080 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:41:07.0268 5080 Fs_Rec - ok
15:41:07.0688 5080 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:41:07.0690 5080 fvevol - ok
15:41:08.0213 5080 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
15:41:08.0214 5080 FwLnk - ok
15:41:08.0717 5080 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:41:08.0750 5080 gagp30kx - ok
15:41:08.0962 5080 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:41:08.0962 5080 GEARAspiWDM - ok
15:41:09.0262 5080 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:41:09.0288 5080 hcw85cir - ok
15:41:09.0678 5080 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:41:09.0682 5080 HdAudAddService - ok
15:41:10.0007 5080 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:41:10.0008 5080 HDAudBus - ok
15:41:10.0445 5080 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:41:10.0466 5080 HidBatt - ok
15:41:11.0712 5080 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:41:11.0737 5080 HidBth - ok
15:41:12.0670 5080 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:41:12.0724 5080 HidIr - ok
15:41:13.0033 5080 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:41:13.0034 5080 HidUsb - ok
15:41:13.0507 5080 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:41:13.0535 5080 HpSAMD - ok
15:41:14.0093 5080 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:41:14.0136 5080 HTTP - ok
15:41:14.0529 5080 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:41:14.0530 5080 hwpolicy - ok
15:41:15.0021 5080 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:41:15.0023 5080 i8042prt - ok
15:41:15.0373 5080 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
15:41:15.0377 5080 iaStor - ok
15:41:16.0127 5080 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:41:16.0216 5080 iaStorV - ok
15:41:16.0795 5080 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:41:17.0049 5080 igfx - ok
15:41:17.0411 5080 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:41:17.0439 5080 iirsp - ok
15:41:17.0914 5080 IntcHdmiAddService (be1cb000c655396c9def09aee3ea2d67) C:\Windows\system32\drivers\IntcHdmi.sys
15:41:17.0916 5080 IntcHdmiAddService - ok
15:41:19.0251 5080 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:41:19.0274 5080 intelide - ok
15:41:19.0863 5080 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:41:19.0866 5080 intelppm - ok
15:41:20.0101 5080 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:41:20.0132 5080 IpFilterDriver - ok
15:41:22.0346 5080 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:41:22.0376 5080 IPMIDRV - ok
15:41:23.0218 5080 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:41:23.0253 5080 IPNAT - ok
15:41:23.0636 5080 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:41:23.0661 5080 IRENUM - ok
15:41:24.0283 5080 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:41:24.0308 5080 isapnp - ok
15:41:25.0186 5080 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:41:25.0226 5080 iScsiPrt - ok
15:41:25.0585 5080 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:41:25.0586 5080 kbdclass - ok
15:41:26.0016 5080 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:41:26.0017 5080 kbdhid - ok
15:41:26.0343 5080 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:41:26.0364 5080 KSecDD - ok
15:41:27.0186 5080 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:41:27.0218 5080 KSecPkg - ok
15:41:27.0541 5080 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:41:27.0542 5080 ksthunk - ok
15:41:27.0930 5080 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:41:27.0932 5080 lltdio - ok
15:41:28.0103 5080 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:41:28.0128 5080 LSI_FC - ok
15:41:28.0342 5080 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:41:28.0367 5080 LSI_SAS - ok
15:41:28.0617 5080 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:41:28.0648 5080 LSI_SAS2 - ok
15:41:29.0006 5080 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:41:29.0040 5080 LSI_SCSI - ok
15:41:29.0478 5080 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:41:29.0480 5080 luafv - ok
15:41:29.0962 5080 LVRS64 (8f0dd6ef66ef33e3d58ff8fbc7b6a1a6) C:\Windows\system32\DRIVERS\lvrs64.sys
15:41:29.0991 5080 LVRS64 - ok
15:41:30.0368 5080 LVUVC64 (f012f568c99a45f4ecd0b939c621b1a4) C:\Windows\system32\DRIVERS\lvuvc64.sys
15:41:30.0565 5080 LVUVC64 - ok
15:41:30.0864 5080 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:41:30.0882 5080 megasas - ok
15:41:31.0246 5080 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:41:31.0312 5080 MegaSR - ok
15:41:31.0738 5080 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:41:31.0739 5080 Modem - ok
15:41:31.0913 5080 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:41:31.0914 5080 monitor - ok
15:41:32.0038 5080 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:41:32.0039 5080 mouclass - ok
15:41:32.0241 5080 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:41:32.0242 5080 mouhid - ok
15:41:33.0113 5080 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:41:33.0114 5080 mountmgr - ok
15:41:34.0779 5080 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:41:34.0796 5080 mpio - ok
15:41:35.0201 5080 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:41:35.0203 5080 mpsdrv - ok
15:41:35.0455 5080 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:41:35.0490 5080 MRxDAV - ok
15:41:36.0412 5080 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:41:36.0415 5080 mrxsmb - ok
15:41:36.0693 5080 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:41:36.0695 5080 mrxsmb10 - ok
15:41:36.0911 5080 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:41:36.0912 5080 mrxsmb20 - ok
15:41:37.0004 5080 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:41:37.0019 5080 msahci - ok
15:41:37.0245 5080 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:41:37.0290 5080 msdsm - ok
15:41:37.0463 5080 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:41:37.0465 5080 Msfs - ok
15:41:37.0573 5080 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:41:37.0603 5080 mshidkmdf - ok
15:41:37.0822 5080 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:41:37.0846 5080 msisadrv - ok
15:41:38.0054 5080 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:41:38.0075 5080 MSKSSRV - ok
15:41:38.0329 5080 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:41:38.0348 5080 MSPCLOCK - ok
15:41:38.0463 5080 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:41:38.0482 5080 MSPQM - ok
15:41:38.0615 5080 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:41:38.0660 5080 MsRPC - ok
15:41:38.0857 5080 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:41:38.0859 5080 mssmbios - ok
15:41:39.0029 5080 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:41:39.0049 5080 MSTEE - ok
15:41:39.0509 5080 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:41:39.0529 5080 MTConfig - ok
15:41:39.0759 5080 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:41:39.0781 5080 Mup - ok
15:41:40.0053 5080 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:41:40.0057 5080 NativeWifiP - ok
15:41:40.0239 5080 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110930.002\ENG64.SYS
15:41:40.0241 5080 NAVENG - ok
15:41:40.0573 5080 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110930.002\EX64.SYS
15:41:40.0588 5080 NAVEX15 - ok
15:41:41.0989 5080 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:41:42.0022 5080 NDIS - ok
15:41:42.0306 5080 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:41:42.0328 5080 NdisCap - ok
15:41:42.0696 5080 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:41:42.0697 5080 NdisTapi - ok
15:41:42.0908 5080 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:41:42.0910 5080 Ndisuio - ok
15:41:42.0989 5080 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:41:42.0992 5080 NdisWan - ok
15:41:43.0076 5080 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:41:43.0078 5080 NDProxy - ok
15:41:43.0317 5080 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:41:43.0318 5080 NetBIOS - ok
15:41:43.0567 5080 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:41:43.0571 5080 NetBT - ok
15:41:44.0065 5080 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
15:41:44.0281 5080 NETw5s64 - ok
15:41:44.0683 5080 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:41:44.0842 5080 netw5v64 - ok
15:41:45.0287 5080 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:41:45.0315 5080 nfrd960 - ok
15:41:45.0480 5080 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
15:41:45.0481 5080 NPF - ok
15:41:45.0562 5080 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:41:45.0563 5080 Npfs - ok
15:41:45.0637 5080 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:41:45.0638 5080 nsiproxy - ok
15:41:46.0014 5080 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:41:46.0095 5080 Ntfs - ok
15:41:46.0381 5080 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:41:46.0382 5080 Null - ok
15:41:46.0594 5080 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:41:46.0611 5080 nvraid - ok
15:41:46.0659 5080 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:41:46.0686 5080 nvstor - ok
15:41:46.0808 5080 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:41:46.0850 5080 nv_agp - ok
15:41:47.0310 5080 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:41:47.0322 5080 ohci1394 - ok
15:41:47.0661 5080 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:41:47.0690 5080 Parport - ok
15:41:48.0524 5080 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:41:48.0548 5080 partmgr - ok
15:41:49.0271 5080 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:41:49.0303 5080 pci - ok
15:41:49.0608 5080 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:41:49.0630 5080 pciide - ok
15:41:50.0442 5080 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:41:50.0476 5080 pcmcia - ok
15:41:50.0713 5080 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:41:50.0737 5080 pcw - ok
15:41:51.0085 5080 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:41:51.0106 5080 PEAUTH - ok
15:41:51.0257 5080 PGEffect (2c3ba65f8ca712730050c29104e093f9) C:\Windows\system32\DRIVERS\pgeffect.sys
15:41:51.0258 5080 PGEffect - ok
15:41:51.0315 5080 pneteth (fe74ba87cdaa80ac9261f49167f0608a) C:\Windows\system32\DRIVERS\pneteth.sys
15:41:51.0340 5080 pneteth - ok
15:41:51.0618 5080 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:41:51.0619 5080 PptpMiniport - ok
15:41:52.0071 5080 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:41:52.0101 5080 Processor - ok
15:41:52.0261 5080 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:41:52.0263 5080 Psched - ok
15:41:52.0391 5080 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:41:52.0449 5080 ql2300 - ok
15:41:53.0276 5080 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:41:53.0301 5080 ql40xx - ok
15:41:53.0538 5080 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:41:53.0539 5080 QWAVEdrv - ok
15:41:55.0287 5080 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:41:55.0310 5080 RasAcd - ok
15:41:55.0482 5080 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:41:55.0483 5080 RasAgileVpn - ok
15:41:55.0575 5080 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:41:55.0577 5080 Rasl2tp - ok
15:41:55.0630 5080 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:41:55.0632 5080 RasPppoe - ok
15:41:55.0658 5080 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:41:55.0660 5080 RasSstp - ok
15:41:55.0727 5080 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:41:55.0732 5080 rdbss - ok
15:41:55.0885 5080 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:41:55.0911 5080 rdpbus - ok
15:41:56.0241 5080 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:41:56.0242 5080 RDPCDD - ok
15:41:56.0530 5080 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:41:56.0531 5080 RDPENCDD - ok
15:41:56.0756 5080 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:41:56.0757 5080 RDPREFMP - ok
15:41:57.0119 5080 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:41:57.0121 5080 RDPWD - ok
15:41:57.0371 5080 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:41:57.0407 5080 rdyboost - ok
15:41:57.0654 5080 rimspci (abf0d2eae54a7f071a54bd2828c982ca) C:\Windows\system32\DRIVERS\rimspe64.sys
15:41:57.0656 5080 rimspci - ok
15:41:57.0976 5080 rixdpcie (e8ed37d472eb5211c0a34fd63a3971e9) C:\Windows\system32\DRIVERS\rixdpe64.sys
15:41:57.0977 5080 rixdpcie - ok
15:41:58.0312 5080 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:41:58.0314 5080 rspndr - ok
15:41:58.0469 5080 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:41:58.0475 5080 RTL8167 - ok
15:41:58.0575 5080 RTL8169 (3e800d0dd24c5cfe61a1d71a3f6feab9) C:\Windows\system32\DRIVERS\Rtlh64.sys
15:41:58.0605 5080 RTL8169 - ok
15:41:58.0789 5080 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:41:58.0807 5080 sbp2port - ok
15:41:58.0959 5080 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:41:58.0986 5080 scfilter - ok
15:41:59.0143 5080 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:41:59.0145 5080 sdbus - ok
15:41:59.0291 5080 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:41:59.0292 5080 secdrv - ok
15:41:59.0475 5080 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:41:59.0501 5080 Serenum - ok
15:41:59.0636 5080 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:41:59.0673 5080 Serial - ok
15:41:59.0976 5080 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:41:59.0998 5080 sermouse - ok
15:42:00.0271 5080 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:42:00.0272 5080 sffdisk - ok
15:42:00.0614 5080 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:42:00.0636 5080 sffp_mmc - ok
15:42:00.0818 5080 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:42:00.0820 5080 sffp_sd - ok
15:42:00.0983 5080 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:42:01.0005 5080 sfloppy - ok
15:42:01.0987 5080 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:42:02.0014 5080 SiSRaid2 - ok
15:42:02.0762 5080 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:42:02.0798 5080 SiSRaid4 - ok
15:42:04.0720 5080 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:42:04.0743 5080 Smb - ok
15:42:06.0608 5080 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:42:06.0632 5080 spldr - ok
15:42:07.0216 5080 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
15:42:07.0216 5080 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
15:42:07.0232 5080 sptd ( LockedFile.Multi.Generic ) - warning
15:42:07.0232 5080 sptd - detected LockedFile.Multi.Generic (1)
15:42:08.0120 5080 SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS
15:42:08.0148 5080 SRTSP - ok
15:42:09.0221 5080 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS
15:42:09.0444 5080 SRTSPL - ok
15:42:09.0618 5080 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS
15:42:09.0646 5080 SRTSPX - ok
15:42:10.0518 5080 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:42:10.0525 5080 srv - ok
15:42:10.0842 5080 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:42:10.0847 5080 srv2 - ok
15:42:11.0193 5080 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:42:11.0195 5080 srvnet - ok
15:42:11.0671 5080 ssadbus (d52282225d5bd73a9cbf420699d1a0fe) C:\Windows\system32\DRIVERS\ssadbus.sys
15:42:11.0705 5080 ssadbus - ok
15:42:11.0896 5080 ssadmdfl (f7936ac6e8437e10e1ae488ce21f3086) C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:42:11.0919 5080 ssadmdfl - ok
15:42:12.0553 5080 ssadmdm (1fe033372a58c67b3ecca903fc637b36) C:\Windows\system32\DRIVERS\ssadmdm.sys
15:42:12.0591 5080 ssadmdm - ok
15:42:13.0206 5080 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
15:42:13.0238 5080 sscdbus - ok
15:42:13.0843 5080 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:42:13.0867 5080 sscdmdfl - ok
15:42:14.0982 5080 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:42:15.0026 5080 sscdmdm - ok
15:42:15.0463 5080 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:42:15.0489 5080 stexstor - ok
15:42:16.0119 5080 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:42:16.0120 5080 swenum - ok
15:42:17.0110 5080 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:42:17.0123 5080 SymEvent - ok
15:42:17.0662 5080 SynTP (6de6d25cc1d1cb694a1cc3e4604db644) C:\Windows\system32\DRIVERS\SynTP.sys
15:42:17.0664 5080 SynTP - ok
15:42:18.0085 5080 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
15:42:18.0173 5080 Tcpip - ok
15:42:18.0461 5080 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
15:42:18.0479 5080 TCPIP6 - ok
15:42:18.0847 5080 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:42:18.0848 5080 tcpipreg - ok
15:42:19.0237 5080 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
15:42:19.0239 5080 tdcmdpst - ok
15:42:19.0583 5080 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:42:19.0597 5080 TDPIPE - ok
15:42:20.0254 5080 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:42:20.0255 5080 TDTCP - ok
15:42:20.0588 5080 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:42:20.0590 5080 tdx - ok
15:42:20.0835 5080 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:42:20.0837 5080 TermDD - ok
15:42:21.0136 5080 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\Windows\system32\DRIVERS\Thpevm.SYS
15:42:21.0158 5080 Thpevm - ok
15:42:21.0541 5080 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:42:21.0543 5080 tssecsrv - ok
15:42:21.0738 5080 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:42:21.0763 5080 TsUsbFlt - ok
15:42:21.0988 5080 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:42:21.0990 5080 tunnel - ok
15:42:22.0241 5080 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
15:42:22.0265 5080 TVALZ - ok
15:42:22.0617 5080 TVALZFL (be32a8658a0b56474ad4d0bb8afa8e55) C:\Windows\system32\DRIVERS\TVALZFL.sys
15:42:22.0618 5080 TVALZFL - ok
15:42:23.0194 5080 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:42:23.0213 5080 uagp35 - ok
15:42:23.0765 5080 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:42:23.0813 5080 udfs - ok
15:42:24.0195 5080 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:42:24.0227 5080 uliagpkx - ok
15:42:24.0400 5080 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:42:24.0401 5080 umbus - ok
15:42:24.0651 5080 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:42:24.0673 5080 UmPass - ok
15:42:24.0954 5080 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:42:24.0983 5080 usbaudio - ok
15:42:25.0146 5080 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:42:25.0148 5080 usbccgp - ok
15:42:25.0312 5080 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:42:25.0351 5080 usbcir - ok
15:42:25.0674 5080 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:42:25.0675 5080 usbehci - ok
15:42:26.0344 5080 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:42:26.0350 5080 usbhub - ok
15:42:26.0985 5080 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:42:27.0009 5080 usbohci - ok
15:42:27.0987 5080 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:42:28.0012 5080 usbprint - ok
15:42:28.0639 5080 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:42:28.0676 5080 USBSTOR - ok
15:42:29.0071 5080 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:42:29.0072 5080 usbuhci - ok
15:42:29.0412 5080 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:42:29.0415 5080 usbvideo - ok
15:42:29.0626 5080 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:42:29.0654 5080 vdrvroot - ok
15:42:30.0228 5080 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:42:30.0257 5080 vga - ok
15:42:31.0010 5080 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:42:31.0011 5080 VgaSave - ok
15:42:31.0406 5080 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:42:31.0439 5080 vhdmp - ok
15:42:33.0136 5080 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:42:33.0168 5080 viaide - ok
15:42:33.0537 5080 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:42:33.0567 5080 volmgr - ok
15:42:34.0523 5080 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:42:34.0527 5080 volmgrx - ok
15:42:35.0057 5080 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:42:35.0084 5080 volsnap - ok
15:42:35.0331 5080 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:42:35.0375 5080 vsmraid - ok
15:42:36.0401 5080 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:42:36.0402 5080 vwifibus - ok
15:42:36.0591 5080 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:42:36.0593 5080 vwififlt - ok
15:42:36.0880 5080 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:42:36.0902 5080 WacomPen - ok
15:42:37.0151 5080 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:42:37.0153 5080 WANARP - ok
15:42:37.0168 5080 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:42:37.0170 5080 Wanarpv6 - ok
15:42:37.0430 5080 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:42:37.0451 5080 Wd - ok
15:42:37.0817 5080 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:42:37.0827 5080 Wdf01000 - ok
15:42:38.0112 5080 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:42:38.0113 5080 WfpLwf - ok
15:42:38.0437 5080 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:42:38.0463 5080 WIMMount - ok
15:42:38.0783 5080 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
15:42:38.0807 5080 WinUSB - ok
15:42:39.0308 5080 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:42:39.0336 5080 WmiAcpi - ok
15:42:39.0856 5080 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:42:39.0881 5080 ws2ifsl - ok
15:42:40.0030 5080 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:42:40.0055 5080 WSDPrintDevice - ok
15:42:40.0279 5080 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:42:40.0281 5080 WudfPf - ok
15:42:40.0556 5080 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:42:40.0558 5080 WUDFRd - ok
15:42:40.0670 5080 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:42:40.0685 5080 \Device\Harddisk0\DR0 - ok
15:42:40.0690 5080 Boot (0x1200) (3c4525a548f063dd14c5c98aec199f32) \Device\Harddisk0\DR0\Partition0
15:42:40.0691 5080 \Device\Harddisk0\DR0\Partition0 - ok
15:42:40.0694 5080 ============================================================
15:42:40.0694 5080 Scan finished
15:42:40.0694 5080 ============================================================
15:42:40.0715 5092 Detected object count: 1
15:42:40.0715 5092 Actual detected object count: 1
15:43:01.0055 5092 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:43:01.0055 5092 sptd ( LockedFile.Multi.Generic ) - User select action: Skip



DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Kyle at 15:48:25 on 2011-10-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2170 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agr64svc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\Program Files\Zune\ZuneNss.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1CB61589-123D-4B41-8095-1219C2191127} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1CB61589-123D-4B41-8095-1219C2191127}\16474777966696 : DhcpNameServer = 192.168.128.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{1CB61589-123D-4B41-8095-1219C2191127}\3707279636B6564737 : DhcpNameServer = 204.89.253.1 204.89.253.2
TCP: Interfaces\{1CB61589-123D-4B41-8095-1219C2191127}\472796E696479723 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{1CB61589-123D-4B41-8095-1219C2191127}\9455027457563747 : DhcpNameServer = 129.79.1.1 129.79.5.100 129.79.8.50
TCP: Interfaces\{1CB61589-123D-4B41-8095-1219C2191127}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E80BF325-35E0-4C1F-847F-77237049A80C} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\nj4z0dl8.default\
FF - component: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\nj4z0dl8.default\extensions\firesheep@codebutler.com\platform\WINNT_x86-msvc\components\mozpopen.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa2.dll
FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS --> C:\Windows\system32\DRIVERS\Thpevm.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-8-18 20544]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-14 251392]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-17 84480]
R2 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-4-9 803696]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-29 136824]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-8-26 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-16 135664]
S2 Secunia Update Agent;Secunia Update Agent;"C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service --> C:\Program Files (x86)\Secunia\PSI\sua.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-16 135664]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2011-09-26 08:07:13 -------- d-----we C:\Windows\system64
2011-09-16 03:00:39 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-09-16 03:00:38 -------- d-----w- C:\Program Files (x86)\Steam
2011-09-15 07:13:00 -------- d-----w- C:\Program Files (x86)\X-Chat 2
2011-09-12 22:40:50 -------- d-----w- C:\Users\Kyle\AppData\Local\Secunia PSI
2011-09-12 22:40:42 -------- d-----w- C:\Program Files (x86)\Secunia
2011-09-09 22:04:53 140800 ----a-w- C:\Windows\SysWow64\tm20dec.ax
2011-09-09 22:04:20 304128 ----a-w- C:\Windows\IsUninst.exe
2011-09-09 22:00:35 -------- d-----w- C:\Program Files (x86)\Final Fantasy VII
.
==================== Find3M ====================
.
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-23 23:23:48 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-05 23:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 23:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-01-26 22:22:14 4636488 ----a-w- C:\Program Files (x86)\Common Files\Samsung_Mobile_USB_Driver(V5.2)_V1.2.1060.0.exe
.
============= FINISH: 15:49:19.69 ===============


Edited by carstraft, 01 October 2011 - 07:49 PM.
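The DDS log above is the kind of thing a responder reads by eye, looking for autoruns in odd places and for newly created directories with system-looking names. As an added example (not part of this thread, not a DDS feature, and not code from either poster), here is a small Python triage script that parses two line types from a DDS log, the uRun/mRun entries and the "Created Last 30" entries, and flags autorun binaries that live in user-writable locations and new directories created directly under C:\Windows that are not in a short allowlist. The allowlist, the list of user-writable prefixes and the assumption that the system drive is C: are mine; the sample lines are mostly copied from the log above, with the last two constructed for the example. A hit means the entry deserves a look, nothing more.

```python
"""Heuristic triage of DDS log lines: Run-key autoruns and "Created Last 30" entries.
Added example for this thread; not part of DDS or of the original posts.
A hit means "look at this entry", not "this entry is malware"."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

RUN_RE = re.compile(r'^([um]Run(?:-x64)?): \[([^\]]*)\] (.*)$')
CREATED_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) +(\S+) +(\S+) +(.+)$')
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|scr|cmd|bat|vbs))(?:\s|$)', re.IGNORECASE)

# Assumption: the system drive is C:. DDS prints these variables unexpanded.
ENV = {'%programfiles(x86)%': 'c:\\program files (x86)', '%programfiles%': 'c:\\program files',
       '%systemroot%': 'c:\\windows', '%windir%': 'c:\\windows'}
# Assumption: locations a standard user can write to; an autorun living here deserves a look.
USER_WRITABLE = ('c:\\users\\', 'c:\\programdata\\', 'c:\\documents and settings\\',
                 'c:\\windows\\temp\\', 'c:\\temp\\')
# Assumption: partial allowlist of directories that normally sit directly under C:\Windows.
WINDOWS_DIRS = {
    'system32', 'syswow64', 'winsxs', 'servicing', 'assembly', 'microsoft.net', 'apppatch',
    'boot', 'fonts', 'help', 'inf', 'logs', 'media', 'resources', 'security', 'system',
    'softwaredistribution', 'tasks', 'temp', 'web', 'ehome', 'installer', 'prefetch', 'debug',
    'diagnostics', 'globalization', 'cursors', 'schemas', 'speech', 'performance', 'ime',
    'registration', 'minidump', 'panther', 'policydefinitions', 'setup', 'shellnew', 'tapi',
    'twain_32', 'vss', 'wat', 'downloaded program files', 'addins', 'branding', 'l2schemas',
}

@dataclass
class Entry:
    kind: str    # 'autorun' or 'created'
    name: str    # Run value name, or the creation timestamp
    path: str    # normalised, lower-cased path
    is_dir: bool

@dataclass
class Finding:
    name: str
    path: str
    reason: str

def normalize(path: str) -> str:
    """Lower-case the path and expand the environment variables DDS leaves in place."""
    p = path.strip().lower()
    for var, value in ENV.items():
        if p.startswith(var):
            p = value + p[len(var):]
    return p

def command_path(command: str) -> str:
    """Return the executable path from a Run-key command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split()[0]

def is_user_writable(path: str) -> bool:
    # Also catches a file dropped directly in the drive root, e.g. c:\foo.exe.
    return path.startswith(USER_WRITABLE) or re.match(r'^[a-z]:\\[^\\]+$', path) is not None

def unknown_windows_subdir(path: str) -> bool:
    parts = path.split('\\')
    return len(parts) == 3 and parts[:2] == ['c:', 'windows'] and parts[2] not in WINDOWS_DIRS

def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Entry('autorun', f'{m.group(1)} [{m.group(2)}]', normalize(command_path(m.group(3))), False)
    m = CREATED_RE.match(line)
    if m:  # groups: timestamp, size or dashes, attribute flags, path
        return Entry('created', m.group(1), normalize(m.group(4)), m.group(3).startswith('d'))
    return None

def triage(lines: Iterable[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.kind == 'autorun' and is_user_writable(e.path):
            findings.append(Finding(e.name, e.path, 'autorun binary in a user-writable location'))
        elif e.kind == 'created' and e.is_dir and unknown_windows_subdir(e.path):
            findings.append(Finding(e.name, e.path, 'new directory directly under C:\\Windows, not in allowlist'))
    return findings

# Sample input: the first seven lines are copied from the DDS log in the thread;
# the last two are constructed for this example and do not come from the thread.
SAMPLE_LINES = [
    r'uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent',
    r'mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"',
    r'mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe',
    r'2011-09-26 08:07:13 -------- d-----we C:\Windows\system64',
    r'2011-09-16 03:00:38 -------- d-----w- C:\Program Files (x86)\Steam',
    r'2011-09-09 22:04:20 304128 ----a-w- C:\Windows\IsUninst.exe',
    r'uRun: [winupd] C:\Users\Kyle\AppData\Roaming\winupd\winupd.exe -s',   # constructed
    r'mRun: [helper] "C:\ProgramData\helper\helper.exe" /background',        # constructed
]

if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.name:28} {f.path}  <- {f.reason}')
```

Run it against a saved DDS.txt by feeding the file's lines to `triage()`. The two rules are deliberately narrow: on the log above they flag only the `C:\Windows\system64` directory from "Created Last 30" (plus the two constructed autoruns), and a flagged entry still has to be checked by hand, for example by looking at the directory's contents and the publisher signature of whatever binary the autorun points at.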


#4 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 October 2011 - 08:26 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please post the log and let me know if the problem persists.

#5 carstraft
  • Topic Starter
  • Members
  • 30 posts

Posted 02 October 2011 - 03:38 PM

OK, so far since I've enabled my firewall after running ComboFix, it hasn't detected any of the trojans.

But after running ComboFix (and after it rebooted my computer), a lot of programs I try to open come up with a warning message: "Illegal operation attempted on a registry key that has been marked for deletion." Actually, it's starting to look like it's affecting all of the programs on my computer. It was happening to Firefox, but I right-clicked and chose to Run as Administrator so I could get on and post the log. I didn't think that would work, but it did.


It's not letting me post the log as plain text in this post since it is too long, so I am attaching the log file.


Edit: I restarted my computer and now everything is opening without the "Illegal operation attempted on a registry key that has been marked for deletion." error message. My firewall is also not detecting any of the trojans that it was previously!

Attached Files


Edited by carstraft, 03 October 2011 - 02:58 AM.


#6 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 October 2011 - 07:07 AM

Good news.

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Let me know if the computer is stable.

#7 carstraft
  • Topic Starter
  • Members
  • 30 posts

Posted 03 October 2011 - 03:22 PM

Awesome, thanks a lot! Things seem to be going well; no trojans detected at all, and my computer even seems to be running faster!


Results of screen317's Security Check version 0.99.20
Windows 7 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Mozilla Firefox (6.0.2) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

#8 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 October 2011 - 09:07 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 version, download jre-6u27-windows-x64.exe. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 10.3.183.10 ... Flash Player for Android update to Adobe Flash Player for Android 10.3.186.7

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
<<<>>>

When all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used to clean this computer.

Surf Safely, and Think Prevention!
===

#9 carstraft
  • Topic Starter
  • Members
  • 30 posts

Posted 04 October 2011 - 06:45 PM

Thanks a lot! I love this site, any major malware problems and this site solves it! I've got everything up to date now, and I will be checking out the link for safer surfing tips. Thanks much nasdaq, have a wonderful day!

#10 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 October 2011 - 08:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



