
Need help with malware removal


  • This topic is locked
17 replies to this topic

#1 manifestoman

manifestoman

  • Members

Posted 03 November 2011 - 07:51 PM

Hello!
I could really use some help with removing a virus I've got on my computer. I hear audio ads playing in the background even with nothing running, and there is often a ghost iexplorer.exe process running in my task manager. Furthermore, search engines redirect me to random sites and internet randomly restarts (not sure if that's strictly related though). Thank you for any help you can get me. Here are the logs from dds, and I'll also attach the other part. And yeah, I know I need to update ESET but I want to get rid of this virus first.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Alex at 20:29:17 on 2011-11-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2370 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Alex\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\splwow64.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [googletalk] C:\Users\Alex\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun: [DeathAdder] "C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.11.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{1A47848B-19D7-4453-AE10-603825096BC7} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FD85EC0C-55DC-418C-B875-B45463A1B882} : DhcpNameServer = 192.168.11.1 209.18.47.61 209.18.47.62
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [NDSTray.exe] NDSTray.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
mRun-x64: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun-x64: [DeathAdder] "C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2t1u7tnc.default\
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys --> C:\Windows\system32\DRIVERS\ehdrv.sys [?]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-6-27 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-7-10 40960]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-4-9 731840]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-8 135664]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-8 135664]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]
S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-03 20:48:11 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB21A194-C8D5-4A3A-AA38-C4DDB2FB23D7}\offreg.dll
2011-11-02 23:15:37 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-02 21:20:24 -------- d-----w- C:\Users\Alex\AppData\Local\temp
2011-11-02 20:42:09 -------- d-----w- C:\ComboFix
2011-11-01 19:50:07 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB21A194-C8D5-4A3A-AA38-C4DDB2FB23D7}\mpengine.dll
2011-10-30 19:57:36 98816 ----a-w- C:\Windows\sed.exe
2011-10-30 19:57:36 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-30 19:57:36 256000 ----a-w- C:\Windows\PEV.exe
2011-10-30 19:57:36 208896 ----a-w- C:\Windows\MBR.exe
2011-10-30 18:15:33 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-10-30 18:15:14 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-10-30 18:15:14 332288 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-30 18:15:14 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-30 18:15:13 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-30 18:15:13 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-10-30 18:15:13 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-30 18:15:13 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2011-10-30 18:15:13 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-10-30 18:06:10 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-10-30 18:06:10 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-10-30 18:06:06 8570192 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2011-10-30 18:05:10 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-30 18:05:10 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-30 18:05:08 69632 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-10-30 18:05:08 375808 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-30 18:05:08 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-30 18:05:08 289792 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-30 18:05:08 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-30 18:05:08 100352 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-10-30 18:05:07 73216 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-10-30 18:05:07 57856 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-10-30 16:52:42 -------- d-----w- C:\ProgramData\AVAST Software
2011-10-30 16:52:42 -------- d-----w- C:\Program Files\AVAST Software
2011-10-29 20:35:54 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-29 20:35:54 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-22 01:52:47 -------- d-----w- C:\Users\Alex\AppData\Roaming\.minecraft
.
==================== Find3M ====================
.
2011-11-02 20:33:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-30 18:20:58 85504 ----a-w- C:\Windows\System32\iesetup.dll
2011-10-30 18:20:58 30720 ----a-w- C:\Windows\System32\licmgr10.dll
2011-10-30 18:20:58 1492992 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-10-30 18:20:57 603648 ----a-w- C:\Windows\System32\vbscript.dll
2011-10-30 18:20:57 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-30 18:20:57 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-10-30 18:20:57 165888 ----a-w- C:\Windows\System32\iexpress.exe
2011-10-30 18:20:57 160256 ----a-w- C:\Windows\System32\wextract.exe
2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 20:37:37.20 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 05 November 2011 - 08:53 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 manifestoman

manifestoman
  • Topic Starter

  • Members

Posted 06 November 2011 - 01:42 PM

Okay, ran ComboFix. Logs are below. Google redirected me almost immediately and audio resumed. Why does it not trust google talk? At any rate, it did not work. I thought I should let you know that I rather foolishly initially (before contacting you) tried a system restore to get rid of the virus, which was unsuccessful. Also, I somewhat recently had the system restore virus (3 weeks ago maybe)? Hope this additional information helps. Also, is it safe to use this computer for online purchases? I'm guessing no. Final point of interest, the logs showed that I had 4 running processes (including internet explorer and google toolbar) but I was only running combofix.

ComboFix 11-11-06.02 - Alex 11/06/2011 12:32:38.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2598 [GMT -5:00]
Running from: c:\users\Alex\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
.
.
((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-06 18:06 . 2011-11-06 18:06 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF2089FB-C6E0-4A71-BFE6-A9EEDEB384B5}\offreg.dll
2011-11-06 18:03 . 2011-11-06 18:09 -------- d-----w- c:\users\Alex\AppData\Local\temp
2011-11-06 18:03 . 2011-11-06 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-05 04:49 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF2089FB-C6E0-4A71-BFE6-A9EEDEB384B5}\mpengine.dll
2011-10-30 18:15 . 2011-09-06 13:56 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-10-30 18:15 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-10-30 18:15 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-10-30 18:15 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-30 18:15 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-30 18:15 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-30 18:15 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-30 18:15 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-30 18:15 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-10-30 18:06 . 2011-09-14 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-30 18:06 . 2011-09-14 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-10-30 18:05 . 2011-08-13 05:11 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-30 18:05 . 2011-08-13 04:43 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-30 18:05 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-30 18:05 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-30 18:05 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-30 18:05 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-30 18:05 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-30 18:05 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-30 18:05 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-30 18:05 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-30 16:52 . 2011-10-30 16:52 -------- d-----w- c:\programdata\AVAST Software
2011-10-30 16:52 . 2011-10-30 16:52 -------- d-----w- c:\program files\AVAST Software
2011-10-29 20:35 . 2011-10-29 20:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-29 20:35 . 2011-10-29 20:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-10-22 01:52 . 2011-10-28 03:32 -------- d-----w- c:\users\Alex\AppData\Roaming\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-02 20:33 . 2011-08-21 03:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 09:06 . 2011-07-04 18:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-02_21.24.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2011-11-06 18:08 53424 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-11-06 18:09 77008 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-27 01:54 . 2011-11-06 18:09 14146 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2009382799-2340786075-754663182-1000_UserData.bin
+ 2011-11-05 22:07 . 2011-11-05 22:07 22016 c:\windows\Installer\43a38.msi
+ 2006-11-02 12:40 . 2011-11-05 04:42 51200 c:\windows\inf\infpub.dat
- 2006-11-02 12:40 . 2011-10-30 17:53 51200 c:\windows\inf\infpub.dat
+ 2011-11-06 18:06 . 2011-11-06 18:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-02 21:23 . 2011-11-02 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-06 18:06 . 2011-11-06 18:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-02 21:23 . 2011-11-02 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 00:25 . 2011-11-06 06:35 221994 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:46 . 2011-10-30 18:53 672542 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-11-06 16:26 672542 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-10-30 18:53 131932 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-11-06 16:26 131932 c:\windows\system32\perfc009.dat
+ 2011-03-12 06:59 . 2011-11-06 18:05 385680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-12 06:59 . 2011-11-02 21:22 385680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-14 20:37 . 2011-11-06 18:05 386448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2009382799-2340786075-754663182-1000-12288.dat
- 2011-07-14 20:37 . 2011-10-30 20:43 386448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2009382799-2340786075-754663182-1000-12288.dat
- 2006-11-02 12:40 . 2011-10-30 17:53 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 12:40 . 2011-11-05 04:42 143360 c:\windows\inf\infstrng.dat
- 2009-06-11 18:48 . 2011-11-02 21:22 2615816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-06-11 18:48 . 2011-11-06 18:05 2615816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-04 02:03 . 2011-11-06 18:05 6076440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2009382799-2340786075-754663182-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 432640]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-14 68856]
"googletalk"="c:\users\Alex\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 417792]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 KR10I64;KR10I64;c:\windows\system32\drivers\kr10i64.sys [x]
R4 KR10N64;KR10N64;c:\windows\system32\drivers\kr10n64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-06-28 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-07-11 40960]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-04-09 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 175104]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 84992]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 01:36]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 01:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1216808]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2692008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.11.1 209.18.47.61 209.18.47.62
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2t1u7tnc.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
.
**************************************************************************
.
Completion time: 2011-11-06 13:28:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-06 18:28
ComboFix2.txt 2011-11-02 21:45
ComboFix3.txt 2011-10-30 21:08
.
Pre-Run: 166,797,357,056 bytes free
Post-Run: 166,851,301,376 bytes free
.
- - End Of File - - 7E6F3FBC1A085BE8E388EC7D62F3CE98

#4 gringo_pr

  • Malware Response Team

Posted 06 November 2011 - 02:56 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 manifestoman

  • Topic Starter

Posted 06 November 2011 - 03:54 PM

Doesn't look like it came up with anything. Here are the logs, and thank you for your continued help.

15:49:41.0428 4704 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
15:49:42.0247 4704 ============================================================
15:49:42.0247 4704 Current date / time: 2011/11/06 15:49:42.0247
15:49:42.0247 4704 SystemInfo:
15:49:42.0247 4704
15:49:42.0247 4704 OS Version: 6.0.6002 ServicePack: 2.0
15:49:42.0247 4704 Product type: Workstation
15:49:42.0247 4704 ComputerName: ALEX-PC
15:49:42.0248 4704 UserName: Alex
15:49:42.0248 4704 Windows directory: C:\Windows
15:49:42.0248 4704 System windows directory: C:\Windows
15:49:42.0248 4704 Running under WOW64
15:49:42.0248 4704 Processor architecture: Intel x64
15:49:42.0248 4704 Number of processors: 2
15:49:42.0248 4704 Page size: 0x1000
15:49:42.0248 4704 Boot type: Normal boot
15:49:42.0248 4704 ============================================================
15:49:42.0613 4704 Initialize success
15:49:53.0619 1884 ============================================================
15:49:53.0619 1884 Scan started
15:49:53.0619 1884 Mode: Manual;
15:49:53.0619 1884 ============================================================
15:49:54.0043 1884 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:49:54.0046 1884 ACPI - ok
15:49:54.0224 1884 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
15:49:54.0227 1884 adp94xx - ok
15:49:54.0379 1884 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
15:49:54.0382 1884 adpahci - ok
15:49:54.0503 1884 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
15:49:54.0505 1884 adpu160m - ok
15:49:54.0570 1884 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
15:49:54.0572 1884 adpu320 - ok
15:49:54.0719 1884 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
15:49:54.0722 1884 AFD - ok
15:49:54.0930 1884 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys
15:49:54.0938 1884 AgereSoftModem - ok
15:49:55.0083 1884 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
15:49:55.0084 1884 agp440 - ok
15:49:55.0167 1884 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
15:49:55.0168 1884 aic78xx - ok
15:49:55.0296 1884 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
15:49:55.0297 1884 aliide - ok
15:49:55.0417 1884 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
15:49:55.0417 1884 amdide - ok
15:49:55.0498 1884 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
15:49:55.0499 1884 AmdK8 - ok
15:49:55.0636 1884 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
15:49:55.0637 1884 arc - ok
15:49:55.0763 1884 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
15:49:55.0764 1884 arcsas - ok
15:49:55.0957 1884 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
15:49:55.0958 1884 AsyncMac - ok
15:49:56.0066 1884 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
15:49:56.0067 1884 atapi - ok
15:49:56.0301 1884 atikmdag (d51496a88a183b5363ac6651ea703434) C:\Windows\system32\DRIVERS\atikmdag.sys
15:49:56.0327 1884 atikmdag - ok
15:49:56.0480 1884 Beep - ok
15:49:56.0606 1884 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
15:49:56.0607 1884 blbdrive - ok
15:49:56.0661 1884 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
15:49:56.0662 1884 bowser - ok
15:49:56.0786 1884 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
15:49:56.0786 1884 BrFiltLo - ok
15:49:56.0837 1884 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
15:49:56.0838 1884 BrFiltUp - ok
15:49:56.0983 1884 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
15:49:56.0984 1884 Brserid - ok
15:49:57.0050 1884 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
15:49:57.0051 1884 BrSerWdm - ok
15:49:57.0081 1884 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
15:49:57.0082 1884 BrUsbMdm - ok
15:49:57.0201 1884 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
15:49:57.0202 1884 BrUsbSer - ok
15:49:57.0287 1884 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
15:49:57.0288 1884 BTHMODEM - ok
15:49:57.0472 1884 catchme - ok
15:49:57.0607 1884 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
15:49:57.0608 1884 cdfs - ok
15:49:57.0747 1884 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
15:49:57.0748 1884 cdrom - ok
15:49:57.0897 1884 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
15:49:57.0897 1884 circlass - ok
15:49:57.0992 1884 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
15:49:57.0994 1884 CLFS - ok
15:49:58.0174 1884 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
15:49:58.0175 1884 CmBatt - ok
15:49:58.0316 1884 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
15:49:58.0317 1884 cmdide - ok
15:49:58.0368 1884 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
15:49:58.0369 1884 Compbatt - ok
15:49:58.0503 1884 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
15:49:58.0504 1884 crcdisk - ok
15:49:58.0648 1884 DAdderFltr (5bc67f1efb6b1d039b151cf7353ec742) C:\Windows\system32\drivers\dadder.sys
15:49:58.0649 1884 DAdderFltr - ok
15:49:58.0802 1884 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
15:49:58.0803 1884 DfsC - ok
15:49:58.0941 1884 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
15:49:58.0942 1884 disk - ok
15:49:59.0105 1884 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
15:49:59.0106 1884 drmkaud - ok
15:49:59.0206 1884 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
15:49:59.0212 1884 DXGKrnl - ok
15:49:59.0324 1884 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
15:49:59.0325 1884 E1G60 - ok
15:49:59.0459 1884 eamon (dadf326f74eec4d759ada18c5b73fc77) C:\Windows\system32\DRIVERS\eamon.sys
15:49:59.0460 1884 eamon - ok
15:49:59.0583 1884 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
15:49:59.0584 1884 Ecache - ok
15:49:59.0737 1884 ehdrv (cc1b838d1a837c2957fa84658d57f809) C:\Windows\system32\DRIVERS\ehdrv.sys
15:49:59.0739 1884 ehdrv - ok
15:49:59.0944 1884 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
15:49:59.0947 1884 elxstor - ok
15:50:00.0109 1884 epfwwfpr (031b3ae524d9ff2735de08e59353aef9) C:\Windows\system32\DRIVERS\epfwwfpr.sys
15:50:00.0111 1884 epfwwfpr - ok
15:50:00.0250 1884 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
15:50:00.0251 1884 ErrDev - ok
15:50:00.0343 1884 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
15:50:00.0345 1884 exfat - ok
15:50:00.0401 1884 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
15:50:00.0403 1884 fastfat - ok
15:50:00.0535 1884 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
15:50:00.0535 1884 fdc - ok
15:50:00.0593 1884 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
15:50:00.0594 1884 FileInfo - ok
15:50:00.0667 1884 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
15:50:00.0668 1884 Filetrace - ok
15:50:00.0762 1884 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:50:00.0763 1884 flpydisk - ok
15:50:00.0809 1884 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
15:50:00.0812 1884 FltMgr - ok
15:50:00.0964 1884 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
15:50:00.0965 1884 Fs_Rec - ok
15:50:01.0093 1884 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
15:50:01.0093 1884 FwLnk - ok
15:50:01.0219 1884 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
15:50:01.0220 1884 gagp30kx - ok
15:50:01.0377 1884 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
15:50:01.0379 1884 HdAudAddService - ok
15:50:01.0511 1884 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:50:01.0518 1884 HDAudBus - ok
15:50:01.0603 1884 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
15:50:01.0604 1884 HidBth - ok
15:50:01.0671 1884 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
15:50:01.0672 1884 HidIr - ok
15:50:01.0740 1884 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
15:50:01.0740 1884 HidUsb - ok
15:50:01.0877 1884 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
15:50:01.0878 1884 HpCISSs - ok
15:50:01.0979 1884 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
15:50:01.0983 1884 HTTP - ok
15:50:02.0036 1884 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
15:50:02.0037 1884 i2omp - ok
15:50:02.0118 1884 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
15:50:02.0119 1884 i8042prt - ok
15:50:02.0174 1884 iaStor (fc28e90f2204d8fd147fa9bfa8a51c01) C:\Windows\system32\DRIVERS\iaStor.sys
15:50:02.0177 1884 iaStor - ok
15:50:02.0306 1884 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
15:50:02.0308 1884 iaStorV - ok
15:50:02.0451 1884 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
15:50:02.0451 1884 iirsp - ok
15:50:02.0638 1884 IntcAzAudAddService (1835b384d2d66752ed1460e9085230bd) C:\Windows\system32\drivers\RTKVHD64.sys
15:50:02.0648 1884 IntcAzAudAddService - ok
15:50:02.0811 1884 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
15:50:02.0812 1884 intelide - ok
15:50:02.0939 1884 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
15:50:02.0940 1884 intelppm - ok
15:50:03.0089 1884 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:50:03.0089 1884 IpFilterDriver - ok
15:50:03.0210 1884 IpInIp - ok
15:50:03.0274 1884 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
15:50:03.0275 1884 IPMIDRV - ok
15:50:03.0400 1884 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
15:50:03.0402 1884 IPNAT - ok
15:50:03.0527 1884 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
15:50:03.0528 1884 IRENUM - ok
15:50:03.0679 1884 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
15:50:03.0679 1884 isapnp - ok
15:50:03.0824 1884 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
15:50:03.0825 1884 iScsiPrt - ok
15:50:03.0954 1884 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
15:50:03.0955 1884 iteatapi - ok
15:50:04.0093 1884 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
15:50:04.0094 1884 iteraid - ok
15:50:04.0209 1884 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
15:50:04.0210 1884 kbdclass - ok
15:50:04.0333 1884 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:50:04.0334 1884 kbdhid - ok
15:50:04.0468 1884 KR10I64 (7c999f96b239e214154db3c808e6736a) C:\Windows\system32\drivers\kr10i64.sys
15:50:04.0470 1884 KR10I64 - ok
15:50:04.0608 1884 KR10N64 (8cb9a9164d4e789424f943fa718fa3f2) C:\Windows\system32\drivers\kr10n64.sys
15:50:04.0610 1884 KR10N64 - ok
15:50:04.0741 1884 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
15:50:04.0745 1884 KSecDD - ok
15:50:04.0877 1884 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
15:50:04.0878 1884 ksthunk - ok
15:50:05.0007 1884 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
15:50:05.0008 1884 lltdio - ok
15:50:05.0155 1884 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
15:50:05.0157 1884 LSI_FC - ok
15:50:05.0280 1884 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
15:50:05.0281 1884 LSI_SAS - ok
15:50:05.0416 1884 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
15:50:05.0417 1884 LSI_SCSI - ok
15:50:05.0532 1884 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
15:50:05.0533 1884 luafv - ok
15:50:05.0673 1884 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
15:50:05.0674 1884 megasas - ok
15:50:05.0833 1884 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
15:50:05.0836 1884 MegaSR - ok
15:50:05.0961 1884 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
15:50:05.0961 1884 Modem - ok
15:50:06.0126 1884 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
15:50:06.0127 1884 monitor - ok
15:50:06.0241 1884 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
15:50:06.0241 1884 mouclass - ok
15:50:06.0375 1884 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
15:50:06.0375 1884 mouhid - ok
15:50:06.0500 1884 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
15:50:06.0501 1884 MountMgr - ok
15:50:06.0637 1884 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
15:50:06.0638 1884 mpio - ok
15:50:06.0759 1884 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
15:50:06.0760 1884 mpsdrv - ok
15:50:06.0873 1884 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
15:50:06.0874 1884 Mraid35x - ok
15:50:07.0003 1884 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
15:50:07.0004 1884 MRxDAV - ok
15:50:07.0105 1884 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:50:07.0106 1884 mrxsmb - ok
15:50:07.0217 1884 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:50:07.0219 1884 mrxsmb10 - ok
15:50:07.0322 1884 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:50:07.0323 1884 mrxsmb20 - ok
15:50:07.0439 1884 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
15:50:07.0440 1884 msahci - ok
15:50:07.0582 1884 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
15:50:07.0583 1884 msdsm - ok
15:50:07.0708 1884 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
15:50:07.0709 1884 Msfs - ok
15:50:07.0853 1884 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
15:50:07.0854 1884 msisadrv - ok
15:50:07.0964 1884 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
15:50:07.0965 1884 MSKSSRV - ok
15:50:08.0111 1884 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
15:50:08.0112 1884 MSPCLOCK - ok
15:50:08.0238 1884 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
15:50:08.0238 1884 MSPQM - ok
15:50:08.0353 1884 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
15:50:08.0355 1884 MsRPC - ok
15:50:08.0467 1884 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:50:08.0467 1884 mssmbios - ok
15:50:08.0582 1884 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
15:50:08.0583 1884 MSTEE - ok
15:50:08.0789 1884 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
15:50:08.0790 1884 Mup - ok
15:50:08.0926 1884 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
15:50:08.0927 1884 NativeWifiP - ok
15:50:09.0113 1884 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
15:50:09.0119 1884 NDIS - ok
15:50:09.0219 1884 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
15:50:09.0219 1884 NdisTapi - ok
15:50:09.0328 1884 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
15:50:09.0329 1884 Ndisuio - ok
15:50:09.0447 1884 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
15:50:09.0448 1884 NdisWan - ok
15:50:09.0564 1884 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
15:50:09.0565 1884 NDProxy - ok
15:50:09.0690 1884 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
15:50:09.0691 1884 NetBIOS - ok
15:50:09.0801 1884 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
15:50:09.0803 1884 netbt - ok
15:50:10.0047 1884 NETw5v64 (93915c41a0dbbd121a0fad2835e43776) C:\Windows\system32\DRIVERS\NETw5v64.sys
15:50:10.0080 1884 NETw5v64 - ok
15:50:10.0210 1884 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:50:10.0211 1884 nfrd960 - ok
15:50:10.0336 1884 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:50:10.0336 1884 Npfs - ok
15:50:10.0443 1884 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:50:10.0444 1884 nsiproxy - ok
15:50:10.0589 1884 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:50:10.0600 1884 Ntfs - ok
15:50:10.0710 1884 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:50:10.0711 1884 Null - ok
15:50:10.0819 1884 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
15:50:10.0821 1884 nvraid - ok
15:50:10.0934 1884 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
15:50:10.0934 1884 nvstor - ok
15:50:11.0062 1884 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:50:11.0063 1884 nv_agp - ok
15:50:11.0169 1884 NwlnkFlt - ok
15:50:11.0267 1884 NwlnkFwd - ok
15:50:11.0419 1884 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:50:11.0421 1884 ohci1394 - ok
15:50:11.0589 1884 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
15:50:11.0590 1884 Parport - ok
15:50:11.0873 1884 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
15:50:11.0874 1884 partmgr - ok
15:50:11.0998 1884 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:50:12.0001 1884 pci - ok
15:50:12.0120 1884 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\DRIVERS\pciide.sys
15:50:12.0121 1884 pciide - ok
15:50:12.0250 1884 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:50:12.0252 1884 pcmcia - ok
15:50:12.0387 1884 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:50:12.0393 1884 PEAUTH - ok
15:50:12.0551 1884 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:50:12.0552 1884 PptpMiniport - ok
15:50:12.0728 1884 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
15:50:12.0729 1884 Processor - ok
15:50:12.0876 1884 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:50:12.0877 1884 PSched - ok
15:50:13.0025 1884 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:50:13.0035 1884 ql2300 - ok
15:50:13.0157 1884 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:50:13.0159 1884 ql40xx - ok
15:50:13.0291 1884 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:50:13.0292 1884 QWAVEdrv - ok
15:50:13.0407 1884 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:50:13.0408 1884 RasAcd - ok
15:50:13.0535 1884 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:50:13.0537 1884 Rasl2tp - ok
15:50:13.0705 1884 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:50:13.0706 1884 RasPppoe - ok
15:50:13.0820 1884 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:50:13.0821 1884 RasSstp - ok
15:50:13.0946 1884 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:50:13.0949 1884 rdbss - ok
15:50:14.0062 1884 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:50:14.0063 1884 RDPCDD - ok
15:50:14.0199 1884 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:50:14.0201 1884 rdpdr - ok
15:50:14.0319 1884 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:50:14.0319 1884 RDPENCDD - ok
15:50:14.0442 1884 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
15:50:14.0444 1884 RDPWD - ok
15:50:14.0600 1884 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
15:50:14.0602 1884 rimmptsk - ok
15:50:14.0724 1884 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
15:50:14.0724 1884 rimsptsk - ok
15:50:14.0825 1884 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
15:50:14.0826 1884 rismxdp - ok
15:50:14.0941 1884 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:50:14.0942 1884 rspndr - ok
15:50:25.0432 1884 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
15:50:25.0453 1884 \Device\Harddisk0\DR0 - ok
15:50:25.0457 1884 Boot (0x1200) (df4aeedb8bb9841d650a9dd56251376a) \Device\Harddisk0\DR0\Partition0
15:50:25.0458 1884 \Device\Harddisk0\DR0\Partition0 - ok
15:50:25.0459 1884 ============================================================
15:50:25.0460 1884 Scan finished
15:50:25.0460 1884 ============================================================
15:50:25.0472 4856 Detected object count: 0
15:50:25.0472 4856 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:00 PM

Posted 07 November 2011 - 12:54 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 manifestoman

Posted 07 November 2011 - 04:42 PM

Here are the logs:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-07 16:23:41
-----------------------------
16:23:41.842 OS Version: Windows x64 6.0.6002 Service Pack 2
16:23:41.842 Number of processors: 2 586 0x170A
16:23:41.843 ComputerName: ALEX-PC UserName: Alex
16:23:45.651 Initialize success
16:25:10.798 AVAST engine defs: 11110700
16:25:17.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:25:17.410 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
16:25:17.426 Disk 0 MBR read successfully
16:25:17.430 Disk 0 MBR scan
16:25:17.436 Disk 0 MBR:Alureon-I [Rtk]
16:25:17.441 Disk 0 TDL4@MBR code has been found
16:25:17.446 Disk 0 Windows VISTA default MBR code found via API
16:25:17.450 Disk 0 MBR hidden
16:25:17.453 Disk 0 MBR [TDL4] **ROOTKIT**
16:25:17.457 Disk 0 trace - called modules:
16:25:17.462 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006b0c254]<<
16:25:17.466 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004edc790]
16:25:17.470 3 CLASSPNP.SYS[fffffa6000fcdc33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bbf050]
16:25:17.477 \Driver\iaStor[0xfffffa8004b5f550] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006b0c254
16:25:19.932 AVAST engine scan C:\Windows
16:25:33.570 AVAST engine scan C:\Windows\system32
16:28:04.136 AVAST engine scan C:\Windows\system32\drivers
16:28:17.721 AVAST engine scan C:\Users\Alex
16:37:44.143 AVAST engine scan C:\ProgramData
16:39:39.253 Scan finished successfully
16:40:10.366 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
16:40:10.378 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"

#8 gringo_pr

Posted 09 November 2011 - 10:01 AM

Hello

I want you to rerun ASWmbr and run the fix below

aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.

Gringo

#9 manifestoman

Posted 10 November 2011 - 07:26 PM

Alright, it ran the scan and I hit fix... and now whenever I try to boot it goes to system repair on launch and says the OS loader is missing. Does this mean I need to find my installation disk? The computer will not get past the system repair, it's stuck in a loop of restart, run system repair, restart, etc.

#10 gringo_pr

Posted 10 November 2011 - 08:50 PM

System Recovery Environment

To access the System Recovery Environment, simply boot your PC,

  • just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard which will launch the Advanced Boot Options menu.
  • There you will see a new option 'Repair Your Computer', select this option and hit 'Enter' on your keyboard.
  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next:
  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt":
  • Type the following into the "Command Prompt Window": and press enter

    bootrec.exe /fixmbr

If you have problems booting the computer after you have run that command, boot back into the System Recovery Environment, type the following into the "Command Prompt Window" and press Enter:

bootrec.exe /fixboot

#11 manifestoman

Posted 11 November 2011 - 04:08 PM

Thanks, the computer boots again now. Haven't noticed the problem yet but we'll see. Couldn't find the old log so instead I ran a new scan with aswmbr, here are the results:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-11 15:42:30
-----------------------------
15:42:30.303 OS Version: Windows x64 6.0.6002 Service Pack 2
15:42:30.303 Number of processors: 2 586 0x170A
15:42:30.304 ComputerName: ALEX-PC UserName: Alex
15:42:31.762 Initialize success
15:44:10.944 AVAST engine defs: 11111100
15:44:24.314 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:44:24.317 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
15:44:24.335 Disk 0 MBR read successfully
15:44:24.338 Disk 0 MBR scan
15:44:24.342 Disk 0 Windows VISTA default MBR code
15:44:24.345 Service scanning
15:44:29.150 Modules scanning
15:44:29.154 Disk 0 trace - called modules:
15:44:29.182 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:44:29.185 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004edd790]
15:44:29.189 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bbe050]
15:44:30.398 AVAST engine scan C:\Windows
15:44:40.193 AVAST engine scan C:\Windows\system32
15:48:03.869 AVAST engine scan C:\Windows\system32\drivers
15:48:30.942 AVAST engine scan C:\Users\Alex
15:57:19.420 AVAST engine scan C:\ProgramData
15:59:07.948 Scan finished successfully
15:59:21.080 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
15:59:21.089 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR2.txt"
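
A small triage script for the two aswMBR logs in this thread, added here as an illustration (it is not part of the original posts and not aswMBR's own logic). It flags the markers that appear in the pre-fix log and are absent from the post-fix log; the rule names and regular expressions are assumptions derived only from the log lines quoted above.

```python
import re

# Excerpts copied from the two aswMBR logs posted in this thread.
BEFORE_FIX = r"""
16:25:17.430 Disk 0 MBR scan
16:25:17.436 Disk 0 MBR:Alureon-I [Rtk]
16:25:17.441 Disk 0 TDL4@MBR code has been found
16:25:17.446 Disk 0 Windows VISTA default MBR code found via API
16:25:17.450 Disk 0 MBR hidden
16:25:17.453 Disk 0 MBR [TDL4] **ROOTKIT**
16:25:17.457 Disk 0 trace - called modules:
16:25:17.462 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006b0c254]<<
16:25:17.477 \Driver\iaStor[0xfffffa8004b5f550] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006b0c254
"""

AFTER_FIX = r"""
15:44:24.338 Disk 0 MBR scan
15:44:24.342 Disk 0 Windows VISTA default MBR code
15:44:29.154 Disk 0 trace - called modules:
15:44:29.182 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:44:29.185 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004edd790]
15:44:29.189 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bbe050]
"""

# "HH:MM:SS.mmm message" as printed by the tool in the logs above.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")

# Hypothetical rule names; each pattern mirrors one line of the pre-fix log.
RULES = [
    ("mbr_detection", re.compile(r"Disk \d+ MBR:(?P<detail>\S+) \[Rtk\]")),
    ("mbr_hidden", re.compile(r"Disk \d+ MBR hidden")),
    ("rootkit_verdict",
     re.compile(r"Disk \d+ MBR \[(?P<detail>[^\]]+)\] \*\*ROOTKIT\*\*")),
    ("unknown_module", re.compile(r">>UNKNOWN \[(?P<detail>0x[0-9a-fA-F]+)\]<<")),
]

# Driver dispatch entry as printed in the disk trace section.
IRP = re.compile(
    r"\\Driver\\(?P<driver>\w+)\[0x[0-9a-fA-F]+\] -> "
    r"(?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9a-fA-F]+)"
)


def parse(log_text):
    """Yield (timestamp, message) for each timestamped line; skip the rest."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return a list of findings, one dict per marker found in the log."""
    findings, unknown_addrs, dispatches = [], set(), []
    for ts, msg in parse(log_text):
        for name, rx in RULES:
            m = rx.search(msg)
            if m:
                detail = m.groupdict().get("detail") or ""
                findings.append({"rule": name, "time": ts, "detail": detail})
                if name == "unknown_module":
                    unknown_addrs.add(int(detail, 16))
        m = IRP.search(msg)
        if m:
            dispatches.append((ts, m))
    # Correlate: a storage-driver dispatch entry whose target address is the
    # same address the trace could not attribute to any named module.
    for ts, m in dispatches:
        if int(m.group("target"), 16) in unknown_addrs:
            detail = f'{m.group("driver")} {m.group("irp")} -> {m.group("target")}'
            findings.append(
                {"rule": "dispatch_into_unknown", "time": ts, "detail": detail}
            )
    return findings


def verdict(log_text):
    """'suspicious' if any rule fired; 'no markers' only means none did."""
    return "suspicious" if triage(log_text) else "no markers"


if __name__ == "__main__":
    for label, log in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        print(label, "->", verdict(log))
        for f in triage(log):
            print("   ", f["time"], f["rule"], f["detail"])
```
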

#12 gringo_pr

Posted 11 November 2011 - 10:32 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 manifestoman

Posted 12 November 2011 - 01:32 AM

So far the computer has worked smoothly and there are no signs of the virus. I will post the logs. Once again, I cannot thank you enough for your help.

ComboFix 11-11-11.06 - Alex 11/12/2011 0:57.4.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2458 [GMT -5:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-10-30 18:15 . 2011-09-06 13:56 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-10-30 18:15 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-10-30 18:15 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-10-30 18:15 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-30 18:15 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-30 18:15 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-30 18:15 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-30 18:15 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-30 18:15 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-10-30 18:05 . 2011-08-13 05:11 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-30 18:05 . 2011-08-13 04:43 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-30 18:05 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-30 18:05 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-30 18:05 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-30 18:05 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-30 18:05 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-30 18:05 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-30 18:05 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-30 18:05 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-30 16:52 . 2011-10-30 16:52 -------- d-----w- c:\programdata\AVAST Software
2011-10-30 16:52 . 2011-10-30 16:52 -------- d-----w- c:\program files\AVAST Software
2011-10-29 20:35 . 2011-10-29 20:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-29 20:35 . 2011-10-29 20:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-10-22 01:52 . 2011-10-28 03:32 -------- d-----w- c:\users\Alex\AppData\Roaming\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-02 20:33 . 2011-08-21 03:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 09:06 . 2011-07-04 18:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-02_21.24.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-27 15:15 . 2011-11-07 21:55 87927 c:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe
+ 2011-10-05 11:32 . 2011-10-05 11:32 86016 c:\windows\SysWOW64\Adobe\Shockwave 11\SwMenu.dll
+ 2011-10-05 10:19 . 2011-10-05 10:19 73408 c:\windows\SysWOW64\Adobe\Shockwave 11\gtapi.dll
+ 2011-10-05 10:19 . 2011-10-05 10:19 64512 c:\windows\SysWOW64\Adobe\Shockwave 11\gcapi_dll.dll
+ 2011-10-05 11:33 . 2011-10-05 11:33 12800 c:\windows\SysWOW64\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-01-21 02:23 . 2011-11-12 06:10 53868 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-11-12 06:10 77008 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-27 01:54 . 2011-11-12 06:10 14406 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2009382799-2340786075-754663182-1000_UserData.bin
+ 2011-11-05 22:07 . 2011-11-05 22:07 22016 c:\windows\Installer\43a38.msi
+ 2011-11-07 21:55 . 2011-11-07 21:55 10134 c:\windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe
- 2006-11-02 12:40 . 2011-10-30 17:53 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 12:40 . 2011-11-11 20:38 51200 c:\windows\inf\infpub.dat
- 2011-11-02 21:23 . 2011-11-02 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-12 06:07 . 2011-11-12 06:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-02 21:23 . 2011-11-02 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-12 06:07 . 2011-11-12 06:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-05 10:19 . 2011-10-05 10:19 279992 c:\windows\SysWOW64\Adobe\Shockwave 11\SymCCIS.dll
+ 2011-10-05 11:32 . 2011-10-05 11:32 114176 c:\windows\SysWOW64\Adobe\Shockwave 11\SwInit.exe
+ 2011-10-05 11:34 . 2011-10-05 11:34 434176 c:\windows\SysWOW64\Adobe\Shockwave 11\Proj.dll
+ 2011-10-05 11:32 . 2011-10-05 11:32 365056 c:\windows\SysWOW64\Adobe\Shockwave 11\Plugin.dll
+ 2011-10-05 11:21 . 2011-10-05 11:21 990208 c:\windows\SysWOW64\Adobe\Shockwave 11\iml32.dll
+ 2011-10-05 11:15 . 2011-10-05 11:15 919040 c:\windows\SysWOW64\Adobe\Shockwave 11\gi.dll
+ 2011-10-05 11:31 . 2011-10-05 11:31 542720 c:\windows\SysWOW64\Adobe\Shockwave 11\Control.dll
+ 2011-09-16 13:05 . 2011-09-16 13:05 113080 c:\windows\SysWOW64\Adobe\Director\SWDNLD.EXE
+ 2011-09-16 13:05 . 2011-09-16 13:05 279480 c:\windows\SysWOW64\Adobe\Director\SwDir.dll
+ 2011-10-05 11:33 . 2011-10-05 11:33 145920 c:\windows\SysWOW64\Adobe\Director\np32dsw.dll
- 2009-07-28 01:49 . 2011-10-10 00:20 226058 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-28 01:49 . 2011-11-12 05:49 226058 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-13 00:25 . 2011-11-09 02:33 222454 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 12:46 . 2011-11-11 20:43 672542 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-10-30 18:53 672542 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-10-30 18:53 131932 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-11-11 20:43 131932 c:\windows\system32\perfc009.dat
+ 2011-03-12 06:59 . 2011-11-12 06:06 385680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-12 06:59 . 2011-11-02 21:22 385680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-14 20:37 . 2011-11-06 18:05 386448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2009382799-2340786075-754663182-1000-12288.dat
- 2011-07-14 20:37 . 2011-10-30 20:43 386448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2009382799-2340786075-754663182-1000-12288.dat
+ 2011-11-07 21:55 . 2011-11-07 21:55 430592 c:\windows\Installer\21fd17.msi
- 2006-11-02 12:40 . 2011-10-30 17:53 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 12:40 . 2011-11-11 20:38 143360 c:\windows\inf\infstrng.dat
+ 2011-10-05 11:40 . 2011-10-05 11:40 1040824 c:\windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1161629.exe
+ 2011-10-05 10:19 . 2011-10-05 10:19 2376368 c:\windows\SysWOW64\Adobe\Shockwave 11\gt.exe
+ 2011-10-05 11:22 . 2011-10-05 11:22 1740800 c:\windows\SysWOW64\Adobe\Shockwave 11\dirapi.dll
+ 2011-11-08 23:20 . 2011-09-20 21:06 1426304 c:\windows\system32\drivers\tcpip.sys
+ 2009-06-11 18:48 . 2011-11-12 06:06 2615816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-06-11 18:48 . 2011-11-02 21:22 2615816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-04 02:03 . 2011-11-12 06:06 8683122 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2009382799-2340786075-754663182-1000-8192.dat
- 2006-11-02 12:33 . 2011-10-30 20:43 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:33 . 2011-11-12 06:06 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:35 . 2011-11-09 23:09 52174280 c:\windows\system32\mrt.exe
+ 2011-11-12 05:56 . 2011-11-12 05:56 10964992 c:\windows\ERDNT\Hiv-backup\schema.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 432640]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-14 68856]
"googletalk"="c:\users\Alex\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 417792]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 KR10I64;KR10I64;c:\windows\system32\drivers\kr10i64.sys [x]
R4 KR10N64;KR10N64;c:\windows\system32\drivers\kr10n64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-06-28 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-07-11 40960]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-04-09 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 175104]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 84992]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 01:36]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 01:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1216808]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2692008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.11.1 209.18.47.61 209.18.47.62
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2t1u7tnc.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Toshiba\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Completion time: 2011-11-12 01:15:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-12 06:15
ComboFix2.txt 2011-11-06 18:29
ComboFix3.txt 2011-11-02 21:45
ComboFix4.txt 2011-10-30 21:08
.
Pre-Run: 166,696,706,048 bytes free
Post-Run: 167,581,507,584 bytes free
.
- - End Of File - - E2F3FBDBAFB5EE23EBB0BC42C490B203

#14 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 12 November 2011 - 11:51 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#15 manifestoman

  • Topic Starter

  • Members
  • 8 posts

Posted 12 November 2011 - 06:47 PM

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player 11.6
Amazon Links
Audacity 1.3.12 (Unicode)
Battlefield 2142 Deluxe Edition
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CD/DVD Drive Acoustic Silencer
Command & Conquer Generals
Curse Client
CyberLink PowerCinema for TOSHIBA
DVD MovieFactory for TOSHIBA
GameSpy Comrade
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java™ 6 Update 29
Java™ 6 Update 6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetZero Internet Access Installer
QuickBooks Financial Center
Razer DeathAdder™ Mouse
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Visual Basic 2005 Express Edition - ENU (KB2251481)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skins
swMSM
Toshiba Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA PowerCinema Helper
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Basic 2005 Express Edition - ENU (KB932232)
Update for Outlook 2007 Junk Email Filter (KB2596560)
WildTangent Games
Windows Media Encoder 9 Series
World of Warcraft



