
Malware infection


  • This topic is locked
14 replies to this topic

#1 dr1ft@gious

dr1ft@gious

  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:20 AM

Posted 20 December 2011 - 12:20 AM

Seldom, when surfing the web, I'll go to a site and a pop-up tab (or tabs) comes up of an actual website, usually health articles or just advertisements. Then I'll randomly get an audio feature of an advertisement when nothing is opened; this usually happens when I shut down or start up the computer. Thanks!

DDS text
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by fuzzygokoss at 21:05:24 on 2011-12-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.909 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k netsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\explorer.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\QeOHd1Yk.com
C:\windows\system32\QeOHd1Yk.com
C:\windows\system32\QeOHd1Yk.com
C:\windows\system32\QeOHd1Yk.com
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6} : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{E43D0A53-CF59-4EDD-AD97-87D729A9C2C0} : DhcpNameServer = 192.168.2.1 68.87.68.166 68.87.74.166
TCP: Interfaces\{E43D0A53-CF59-4EDD-AD97-87D729A9C2C0}\13830373023586164656373627563747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E43D0A53-CF59-4EDD-AD97-87D729A9C2C0}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E43D0A53-CF59-4EDD-AD97-87D729A9C2C0}\76279676376616D6 : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{E43D0A53-CF59-4EDD-AD97-87D729A9C2C0}\D61636 : DhcpNameServer = 192.168.1.1
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fuzzygokoss\appdata\roaming\mozilla\firefox\profiles\3ouhi4j7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.resulturl.com/?tmp=nemo_results_removelink&prt=rsturlwd1&keywords=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-6-1 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2009-7-13 20992]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-1 167936]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-6-1 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-6-8 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-6-1 171520]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-10 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-9 1343400]
.
=============== Created Last 30 ================
.
2011-12-19 10:44:23 79872 ----a-w- c:\windows\system32\QeOHd1Yk.com
2011-12-18 04:42:03 79872 ----a-w- c:\programdata\01NCUtCd.exe
2011-12-16 16:42:52 79872 ----a-w- c:\windows\system32\QeOHd1Yk.com_
2011-12-14 04:41:52 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 04:41:46 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 04:41:43 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 04:41:42 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-13 23:36:40 327680 ----a-w- c:\users\fuzzygokoss\appdata\local\jfk.exe
2011-12-13 04:44:07 -------- d-----w- c:\program files\PowerISO
2011-12-13 04:03:28 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-12-13 04:03:15 -------- d-----w- c:\programdata\Rosetta Stone
2011-12-13 04:03:15 -------- d-----w- c:\program files\Rosetta Stone
2011-12-10 16:01:20 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9853f206-64e0-4876-89c4-46146563f327}\mpengine.dll
.
==================== Find3M ====================
.
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 21:09:47.79 ===============
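
As an added example (not part of the original thread, and not DDS or BleepingComputer code), here is a small Python triage pass over a DDS log like the one above. It splits the log into its "====" sections and applies the checks a malware-response helper reads first: a running image with a random-looking name or many live copies, a freshly created executable dropped straight into ProgramData or AppData, several distinct files sharing one exact byte size, and a Hosts entry that sinks a site to loopback. The heuristics (`random_looking`, the data-directory list, the three-instance threshold) are the editor's assumptions, and `DDS_SAMPLE` is a constructed subset of the lines posted in this thread.

```python
"""Triage of a DDS log: section parsing plus a few analyst heuristics.
All thresholds and name rules below are the editor's assumptions, not DDS features."""
import re
from collections import defaultdict

# Constructed excerpt: a subset of the lines from the DDS log posted in this thread.
DDS_SAMPLE = r"""
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\QeOHd1Yk.com
C:\windows\system32\QeOHd1Yk.com
C:\windows\system32\QeOHd1Yk.com
C:\windows\system32\QeOHd1Yk.com
.
============== Pseudo HJT Report ===============
.
Hosts: 127.0.0.1 www.spywareinfo.com
.
=============== Created Last 30 ================
.
2011-12-19 10:44:23 79872 ----a-w- c:\windows\system32\QeOHd1Yk.com
2011-12-18 04:42:03 79872 ----a-w- c:\programdata\01NCUtCd.exe
2011-12-16 16:42:52 79872 ----a-w- c:\windows\system32\QeOHd1Yk.com_
2011-12-14 04:41:52 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 23:36:40 327680 ----a-w- c:\users\fuzzygokoss\appdata\local\jfk.exe
2011-12-13 04:44:07 -------- d-----w- c:\program files\PowerISO
.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
CREATED_RE = re.compile(r"^(\S+ \S+)\s+(\d+|-+)\s+(\S+)\s+(.+)$")  # date time size attrs path


def parse_sections(text):
    """Map section name -> non-empty lines; DDS's '.' spacer lines are dropped."""
    sections, current = defaultdict(list), "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return sections


def random_looking(stem):
    """Assumed heuristic: 6-12 alphanumerics mixing digits, upper and lower case."""
    return (6 <= len(stem) <= 12 and stem.isalnum()
            and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def split_path(path):
    """(lower-cased directory parts, file name as written) of a Windows path."""
    parts = path.split("\\")
    return [p.lower() for p in parts[:-1]], parts[-1]


def flag_processes(sections):
    """Running images with a random-looking name or three or more live copies."""
    counts, spelling = defaultdict(int), {}
    for line in sections.get("Running Processes", []):
        image = line.split(" -k ")[0]            # drop svchost service-group args
        counts[image.lower()] += 1
        spelling.setdefault(image.lower(), image)
    findings = []
    for key, n in counts.items():
        _, name = split_path(spelling[key])
        reasons = []
        if random_looking(name.rsplit(".", 1)[0]):
            reasons.append("random-looking name")
        if n >= 3:
            reasons.append(f"{n} instances")
        if reasons:
            findings.append((spelling[key], reasons))
    return findings


def flag_created_files(sections):
    """Created-Last-30 files: random names, executables dropped straight into a
    data directory, and distinct names sharing one exact byte size."""
    by_size, findings = defaultdict(set), []
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m or m.group(3).startswith("d"):
            continue                               # unparsable line or a directory entry
        size, path = m.group(2), m.group(4)
        dirs, name = split_path(path)
        stem, _, ext = name.partition(".")
        reasons = []
        if random_looking(stem):
            reasons.append("random-looking name")
        if ext.lower().startswith(("exe", "com", "dll")) and dirs[-1] in ("programdata", "local", "roaming"):
            reasons.append("executable in data directory root")
        if reasons:
            findings.append((path, reasons))
        by_size[size].add(name.lower())
    for size, names in sorted(by_size.items()):
        if len(names) > 1:
            findings.append((f"{size} bytes", [f"shared by {len(names)} files: " + ", ".join(sorted(names))]))
    return findings


def flag_hosts(sections):
    """Hosts-file lines that sink a name to loopback (DDS lists them under the HJT report)."""
    return [line for line in sections.get("Pseudo HJT Report", [])
            if line.startswith("Hosts:") and "127.0.0.1" in line and "localhost" not in line]


def triage(text):
    sections = parse_sections(text)
    return {"processes": flag_processes(sections),
            "created": flag_created_files(sections),
            "hosts": flag_hosts(sections)}
```

Run `triage(DDS_SAMPLE)` and the three signals line up the way the later ComboFix log confirms: `QeOHd1Yk.com` is flagged both for its name and for running four copies, `01NCUtCd.exe` and `jfk.exe` for sitting directly in data directories, and the size check ties `QeOHd1Yk.com`, its `.com_` renamed copy and `01NCUtCd.exe` together as one 79872-byte payload under three names. None of this replaces a helper's judgement; it only puts the lines worth reading first at the top of a several-hundred-line log.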


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:20 AM

Posted 24 December 2011 - 08:23 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:20 AM

Posted 28 December 2011 - 01:28 AM

Greetings


It has been about three or four days since I have heard from you, so I am coming by just to check on you.



Gringo

#4 dr1ft@gious

dr1ft@gious
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:20 AM

Posted 30 December 2011 - 12:05 AM

Hello, I apologize for not responding any sooner; I've been busy and I've finally gotten to where I can get to work on this. I did what you had said and turned off my protection, which was just Spybot S&D TeaTimer, and then I downloaded ComboFix, closed all browsers and then ran it. It finished rather quickly and it was followed by nothing; it didn't give me a report.
Also, I've been having the same problems with random advertisements and my computer is still slow as usual.
Thanks a lot for being patient with me; once again I apologize for being late.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:20 AM

Posted 30 December 2011 - 12:27 AM

Hello

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#6 dr1ft@gious

dr1ft@gious
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:20 AM

Posted 30 December 2011 - 01:17 PM

Good day, I'd like to say thanks for taking the time to help me. It turned out last night, after I ran ComboFix, that it was just being slow. After 15 minutes a blue screen popped up and notified me that ComboFix was scanning and it would take some time. Well, it took a lot longer than the 10 minutes it told me, so I left it on all night, and when I awoke this morning the log was there. I attempted to get on the internet and it said that the action was illegal due to a registry error, so I tried other things and it said that to everything I tried to open. So I restarted my computer and it went into a system update, and when it rebooted it worked fine, and here I am now.

Here is the log:

ComboFix 11-12-29.05 - fuzzygokoss 12/30/2011 6:08.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.1179 [GMT -6:00]
Running from: c:\users\fuzzygokoss\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}
c:\program files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\chrome\resulturl.jar
c:\program files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\install.rdf
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\ReactivateIE.exe
c:\program files\StartNow Toolbar\Resources\images\btn-msn.png
c:\program files\StartNow Toolbar\Resources\images\chevronButton.png
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\separator.png
c:\program files\StartNow Toolbar\Resources\images\splitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\programdata\01NCUtCd.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\fuzzygokoss\AppData\Local\jfk.exe
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{F02577FF-29CE-4130-8171-B51D94ECA96E}.dtd
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\butoon-hover-background.png
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\searchplugins\bing-zugo.xml
c:\windows\$NtUninstallKB17619$
c:\windows\$NtUninstallKB17619$\1805111483\@
c:\windows\$NtUninstallKB17619$\1805111483\bckfg.tmp
c:\windows\$NtUninstallKB17619$\1805111483\cfg.ini
c:\windows\$NtUninstallKB17619$\1805111483\Desktop.ini
c:\windows\$NtUninstallKB17619$\1805111483\kwrd.dll
c:\windows\$NtUninstallKB17619$\1805111483\L\xadqgnnk
c:\windows\$NtUninstallKB17619$\1805111483\lsflt7.ver
c:\windows\$NtUninstallKB17619$\1805111483\U\00000001.@
c:\windows\$NtUninstallKB17619$\1805111483\U\00000002.@
c:\windows\$NtUninstallKB17619$\1805111483\U\80000000.@
c:\windows\$NtUninstallKB17619$\1805111483\U\80000032.@
c:\windows\$NtUninstallKB17619$\2135652496
c:\windows\$NtUninstallKB47916$
c:\windows\$NtUninstallKB47916$\1805111483\@
c:\windows\$NtUninstallKB47916$\1805111483\bckfg.tmp
c:\windows\$NtUninstallKB47916$\1805111483\cfg.ini
c:\windows\$NtUninstallKB47916$\1805111483\Desktop.ini
c:\windows\$NtUninstallKB47916$\1805111483\keywords
c:\windows\$NtUninstallKB47916$\1805111483\kwrd.dll
c:\windows\$NtUninstallKB47916$\1805111483\L\xadqgnnk
c:\windows\$NtUninstallKB47916$\1805111483\lsflt7.ver
c:\windows\$NtUninstallKB47916$\1805111483\U\00000001.@
c:\windows\$NtUninstallKB47916$\1805111483\U\00000002.@
c:\windows\$NtUninstallKB47916$\1805111483\U\00000004.@
c:\windows\$NtUninstallKB47916$\1805111483\U\80000000.@
c:\windows\$NtUninstallKB47916$\1805111483\U\80000004.@
c:\windows\$NtUninstallKB47916$\1805111483\U\80000032.@
c:\windows\$NtUninstallKB47916$\3301105596
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\sp.Dll
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 12:19 . 2011-12-30 12:21 -------- d-----w- c:\users\fuzzygokoss\AppData\Local\temp
2011-12-30 12:19 . 2011-12-30 12:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 07:49 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-28 10:44 . 2011-12-17 23:51 79872 ----a-w- c:\windows\system32\QeOHd1Yk.com
2011-12-23 01:00 . 2011-12-28 16:44 -------- d-----w- c:\users\fuzzygokoss\AppData\Roaming\Ykqo
2011-12-23 01:00 . 2011-12-23 01:00 -------- d-----w- c:\users\fuzzygokoss\AppData\Roaming\Owofogt
2011-12-14 04:41 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 04:41 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 04:41 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 04:41 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-13 04:44 . 2011-12-13 04:44 -------- d-----w- c:\program files\PowerISO
2011-12-13 04:03 . 2011-12-13 04:03 -------- d-----w- c:\programdata\FLEXnet
2011-12-13 04:03 . 2011-12-13 04:03 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-12-13 04:03 . 2011-12-17 22:47 -------- d-----w- c:\programdata\Rosetta Stone
2011-12-13 04:03 . 2011-12-13 04:03 -------- d-----w- c:\program files\Rosetta Stone
2011-12-10 16:01 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9853F206-64E0-4876-89C4-46146563F327}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 10:06 . 2011-08-19 00:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-09 21:13 . 2011-10-02 02:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"{A499F3B3-5E59-2B19-F41C-BBD9EDBDA727}"="c:\users\fuzzygokoss\AppData\Roaming\Owofogt\ozcezyy.exe" [2011-08-01 197632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 21:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2009-06-02 16:24 425984 ----a-w- c:\program files\TOSHIBA\Utilities\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 21:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2011-02-11 18:45 1295736 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-09-17 20:37 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-05 21:18 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-10 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\At1.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At10.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At11.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At12.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-29 c:\windows\Tasks\At13.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-29 c:\windows\Tasks\At14.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-29 c:\windows\Tasks\At15.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-29 c:\windows\Tasks\At16.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-29 c:\windows\Tasks\At17.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-29 c:\windows\Tasks\At18.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-29 c:\windows\Tasks\At19.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At2.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-29 c:\windows\Tasks\At20.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-29 c:\windows\Tasks\At21.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-29 c:\windows\Tasks\At22.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-29 c:\windows\Tasks\At23.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-29 c:\windows\Tasks\At24.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At25.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At26.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At27.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At28.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At29.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At3.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At30.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At31.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At32.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At33.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At34.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At35.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At36.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At37.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At38.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At39.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At4.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At40.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At41.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At42.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At43.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At44.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At5.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At6.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At7.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At8.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At9.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
FF - ProfilePath - c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.resulturl.com/?tmp=nemo_results_removelink&prt=rsturlwd1&keywords=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-12-30 06:25:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-30 12:25
.
Pre-Run: 178,994,954,240 bytes free
Post-Run: 179,028,144,128 bytes free
.
- - End Of File - - 673EDEA8C2114D717DEC72F24AD0DD53

#7 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto rico

Posted 30 December 2011 - 01:44 PM

Greetings

Good, that cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

AtJob::

File::
c:\windows\system32\QeOHd1Yk.com
c:\windows\system32\QeOHd1Yk.com_ 

Folder::
c:\users\fuzzygokoss\AppData\Roaming\Ykqo
c:\users\fuzzygokoss\AppData\Roaming\Owofogt

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
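The reasoning behind the script above (every At*.job launches the same randomly named .com in system32, and a GUID-named Run value points into a random folder under AppData\Roaming) can be applied mechanically to the log. The following is an added example for this thread, not ComboFix's code or the helper's tooling; the log excerpt is constructed from the entries posted above plus one made-up benign task, and the random-name scoring is a heuristic assumed here.

```python
"""Triage pass over a ComboFix log excerpt of the kind posted in this thread:
group At*.job tasks by the binary they launch, flag targets that look like the
dropped QeOHd1Yk.com and GUID-named Run values pointing into AppData\\Roaming,
then emit the matching CFScript directives (AtJob::, File::, Folder::)."""
import re
from collections import defaultdict

# Constructed excerpt in the log format seen above; BenignBackup.job is a made-up control.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"{A499F3B3-5E59-2B19-F41C-BBD9EDBDA727}"="c:\users\fuzzygokoss\AppData\Roaming\Owofogt\ozcezyy.exe" [2011-08-01 197632]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\At1.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\At2.job
- c:\windows\system32\QeOHd1Yk.com_ [2011-12-16 23:51]
.
2011-12-30 c:\windows\Tasks\At3.job
- c:\windows\system32\QeOHd1Yk.com [2011-12-28 23:51]
.
2011-12-30 c:\windows\Tasks\BenignBackup.job
- c:\program files\Backup Vendor\backup.exe [2011-06-01 10:00]
.
"""

TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \S+\\Tasks\\(?P<name>[^\\]+\.job)$", re.I)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[")
RUN_RE = re.compile(r'^"(?P<value>[^"]+)"="(?P<path>[^"]+)"')
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.I)

def parse_tasks(log):
    """Return [(job name, target path)] from the 'Scheduled Tasks' section."""
    lines = log.splitlines()
    tasks = []
    for i, line in enumerate(lines[:-1]):
        m = TASK_RE.match(line)
        t = TARGET_RE.match(lines[i + 1]) if m else None
        if m and t:
            tasks.append((m.group("name"), t.group("target")))
    return tasks

def parse_run_entries(log):
    """Return [(value name, target path)] for every Run-key style entry."""
    return [(m.group("value"), m.group("path"))
            for m in map(RUN_RE.match, log.splitlines()) if m]

def case_mix_score(name):
    """Fraction of adjacent character pairs that change class (lower/upper/digit).
    Random-looking names such as QeOHd1Yk score high, ordinary names near 0.
    Heuristic assumed for this example, not a ComboFix rule."""
    def cls(c):
        return "d" if c.isdigit() else ("u" if c.isupper() else "l")
    if len(name) < 2:
        return 0.0
    return sum(cls(a) != cls(b) for a, b in zip(name, name[1:])) / (len(name) - 1)

def triage(log):
    """Return (findings, cfscript); a task target needs two independent reasons."""
    by_target = defaultdict(list)
    for name, target in parse_tasks(log):
        by_target[target].append(name)

    findings, files, folders = [], [], []
    for target, jobs in by_target.items():
        stem, _, ext = target.rsplit("\\", 1)[-1].partition(".")   # QeOHd1Yk / com_
        reasons = []
        at_jobs = [j for j in jobs if AT_JOB_RE.match(j)]
        if at_jobs:
            reasons.append("launched by %d legacy At*.job task(s)" % len(at_jobs))
        if "\\system32\\" in target.lower() and ext.lower().rstrip("_") == "com":
            reasons.append(".com dropped directly in system32")
        if case_mix_score(stem) >= 0.5:
            reasons.append("random-looking file name")
        if len(reasons) >= 2:
            findings.append((target, reasons))
            files.append(target)

    for value, path in parse_run_entries(log):
        if GUID_RE.match(value) and "\\appdata\\roaming\\" in path.lower():
            findings.append((path, ["GUID-named Run value",
                                    "executable under AppData\\Roaming"]))
            folders.append(path.rsplit("\\", 1)[0])

    parts = []
    if any(AT_JOB_RE.match(j) for jobs in by_target.values() for j in jobs):
        parts.append("AtJob::")            # ComboFix deletes every At*.job
    if files:
        parts.append("File::\n" + "\n".join(files))
    if folders:
        parts.append("Folder::\n" + "\n".join(folders))
    return findings, "\n\n".join(parts) + "\n"
```

Run `triage(SAMPLE_LOG)` and the returned script matches the directives the helper wrote by hand, while the benign task and the Sidebar Run entry are left alone.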

#8 dr1ft@gious (Topic Starter)

  • Members
  • 8 posts

Posted 30 December 2011 - 10:31 PM

Alrighty, so I ran ComboFix. It asked me to update and it did. This time it didn't take anywhere near as long as the last time I ran it. Before I ran it I didn't notice many problems at all really, except I still had the random advertisement audios playing. Other than that, it ran great, really fast too.

Thanks again, this has been a real big help

Here is the log with the script from ComboFix:

ComboFix 11-12-30.02 - fuzzygokoss 12/30/2011 21:11:48.2.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.1091 [GMT -6:00]
Running from: c:\users\fuzzygokoss\Downloads\ComboFix.exe
Command switches used :: c:\users\fuzzygokoss\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\QeOHd1Yk.com"
"c:\windows\system32\QeOHd1Yk.com_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\fuzzygokoss\AppData\Roaming\Owofogt
c:\users\fuzzygokoss\AppData\Roaming\Owofogt\ozcezyy.exe
c:\users\fuzzygokoss\AppData\Roaming\Ykqo
c:\windows\system32\QeOHd1Yk.com
c:\windows\system32\QeOHd1Yk.com_
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-31 03:21 . 2011-12-31 03:22 -------- d-----w- c:\users\fuzzygokoss\AppData\Local\temp
2011-12-31 03:21 . 2011-12-31 03:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 07:49 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-14 04:41 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 04:41 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 04:41 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 04:41 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-13 04:44 . 2011-12-13 04:44 -------- d-----w- c:\program files\PowerISO
2011-12-13 04:03 . 2011-12-13 04:03 -------- d-----w- c:\programdata\FLEXnet
2011-12-13 04:03 . 2011-12-13 04:03 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-12-13 04:03 . 2011-12-17 22:47 -------- d-----w- c:\programdata\Rosetta Stone
2011-12-13 04:03 . 2011-12-13 04:03 -------- d-----w- c:\program files\Rosetta Stone
2011-12-10 16:01 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9853F206-64E0-4876-89C4-46146563F327}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 10:06 . 2011-08-19 00:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-09 21:13 . 2011-10-02 02:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 21:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2009-06-02 16:24 425984 ----a-w- c:\program files\TOSHIBA\Utilities\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 21:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2011-02-11 18:45 1295736 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-09-17 20:37 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-05 21:18 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-10 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 68.87.68.166 68.87.74.166
FF - ProfilePath - c:\users\fuzzygokoss\AppData\Roaming\Mozilla\Firefox\Profiles\3ouhi4j7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.resulturl.com/?tmp=nemo_results_removelink&prt=rsturlwd1&keywords=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-{A499F3B3-5E59-2B19-F41C-BBD9EDBDA727} - c:\users\fuzzygokoss\AppData\Roaming\Owofogt\ozcezyy.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-12-30 21:27:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-31 03:27
ComboFix2.txt 2011-12-30 12:25
.
Pre-Run: 178,717,614,080 bytes free
Post-Run: 178,277,711,872 bytes free
.
- - End Of File - - 3DD3E61592C8E78F90B52ED53770080A

#9 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto rico

Posted 31 December 2011 - 05:14 AM

Hello

How are things running after ComboFix?

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#10 dr1ft@gious (Topic Starter)

  • Members
  • 8 posts

Posted 01 January 2012 - 07:08 PM

Happy New Year!!! Hope you had a good one!
Let's see, it didn't say anything about infections or suspicious files, and it found no threats. Also, the computer has been running great. So far no signs of any random advertisements.
I have a couple of things to ask by the way. While I had this virus, whenever I would go to my banking website and I would sign in, it would ask for my social and my card number and all this info. So I tried it on my other computer and it didn't ask to do that. Although I almost bought it, I started putting information in but I never entered it. Should I be cautious about my identity and my money now?
Also, could you recommend some better software that I could use to prevent such infections?

Thanks again for all this help. Every time I need help or know someone who does, I will always recommend this place!!

Here is the log:
TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
17:43:58.0595 4016 ============================================================
17:43:58.0595 4016 Current date / time: 2012/01/01 17:43:58.0595
17:43:58.0595 4016 SystemInfo:
17:43:58.0595 4016
17:43:58.0595 4016 OS Version: 6.1.7601 ServicePack: 1.0
17:43:58.0595 4016 Product type: Workstation
17:43:58.0595 4016 ComputerName: FUZZYGOKOSS-PC
17:43:58.0595 4016 UserName: fuzzygokoss
17:43:58.0595 4016 Windows directory: C:\windows
17:43:58.0595 4016 System windows directory: C:\windows
17:43:58.0595 4016 Processor architecture: Intel x86
17:43:58.0595 4016 Number of processors: 1
17:43:58.0595 4016 Page size: 0x1000
17:43:58.0595 4016 Boot type: Normal boot
17:43:58.0595 4016 ============================================================
17:44:00.0342 4016 Initialize success
17:44:03.0447 0972 ============================================================
17:44:03.0447 0972 Scan started
17:44:03.0447 0972 Mode: Manual;
17:44:03.0447 0972 ============================================================
17:44:07.0191 0972 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
17:44:07.0191 0972 amdxata - ok
17:44:07.0300 0972 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
17:44:07.0316 0972 AppID - ok
17:44:07.0487 0972 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
17:44:07.0487 0972 arc - ok
17:44:07.0581 0972 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
17:44:07.0581 0972 arcsas - ok
17:44:07.0706 0972 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
17:44:07.0706 0972 AsyncMac - ok
17:44:07.0815 0972 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
17:44:07.0815 0972 atapi - ok
17:44:08.0080 0972 atikmdag (c97be8350fbcb1960b22fad2e6c2b514) C:\windows\system32\DRIVERS\atikmdag.sys
17:44:08.0205 0972 atikmdag - ok
17:44:08.0361 0972 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\windows\system32\DRIVERS\AtiPcie.sys
17:44:08.0361 0972 AtiPcie - ok
17:44:08.0564 0972 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
17:44:08.0564 0972 b06bdrv - ok
17:44:08.0688 0972 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
17:44:08.0688 0972 b57nd60x - ok
17:44:08.0829 0972 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
17:44:08.0829 0972 Beep - ok
17:44:08.0954 0972 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
17:44:08.0954 0972 blbdrive - ok
17:44:09.0063 0972 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
17:44:09.0063 0972 bowser - ok
17:44:09.0188 0972 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
17:44:09.0188 0972 BrFiltLo - ok
17:44:09.0312 0972 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
17:44:09.0312 0972 BrFiltUp - ok
17:44:09.0437 0972 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
17:44:09.0453 0972 Brserid - ok
17:44:09.0578 0972 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
17:44:09.0578 0972 BrSerWdm - ok
17:44:09.0702 0972 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
17:44:09.0702 0972 BrUsbMdm - ok
17:44:09.0827 0972 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
17:44:09.0827 0972 BrUsbSer - ok
17:44:09.0936 0972 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
17:44:09.0952 0972 BTHMODEM - ok
17:44:10.0077 0972 catchme - ok
17:44:10.0217 0972 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
17:44:10.0217 0972 cdfs - ok
17:44:10.0358 0972 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
17:44:10.0358 0972 cdrom - ok
17:44:10.0514 0972 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
17:44:10.0514 0972 circlass - ok
17:44:10.0607 0972 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
17:44:10.0623 0972 CLFS - ok
17:44:10.0779 0972 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
17:44:10.0779 0972 CmBatt - ok
17:44:10.0904 0972 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
17:44:10.0904 0972 cmdide - ok
17:44:11.0044 0972 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
17:44:11.0044 0972 CNG - ok
17:44:11.0200 0972 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
17:44:11.0216 0972 Compbatt - ok
17:44:11.0340 0972 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
17:44:11.0340 0972 CompositeBus - ok
17:44:11.0450 0972 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
17:44:11.0465 0972 crcdisk - ok
17:44:11.0621 0972 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
17:44:11.0621 0972 DfsC - ok
17:44:11.0762 0972 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
17:44:11.0762 0972 discache - ok
17:44:11.0886 0972 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
17:44:11.0886 0972 Disk - ok
17:44:12.0011 0972 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
17:44:12.0011 0972 drmkaud - ok
17:44:12.0136 0972 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
17:44:12.0152 0972 DXGKrnl - ok
17:44:12.0386 0972 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
17:44:12.0417 0972 ebdrv - ok
17:44:12.0573 0972 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
17:44:12.0573 0972 elxstor - ok
17:44:12.0698 0972 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
17:44:12.0698 0972 ErrDev - ok
17:44:12.0822 0972 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
17:44:12.0838 0972 exfat - ok
17:44:12.0947 0972 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
17:44:12.0947 0972 fastfat - ok
17:44:13.0072 0972 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
17:44:13.0088 0972 fdc - ok
17:44:13.0197 0972 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
17:44:13.0197 0972 FileInfo - ok
17:44:13.0290 0972 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
17:44:13.0290 0972 Filetrace - ok
17:44:13.0415 0972 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
17:44:13.0415 0972 flpydisk - ok
17:44:13.0524 0972 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
17:44:13.0524 0972 FltMgr - ok
17:44:13.0634 0972 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
17:44:13.0634 0972 FsDepends - ok
17:44:13.0727 0972 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
17:44:13.0727 0972 Fs_Rec - ok
17:44:13.0836 0972 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
17:44:13.0852 0972 fvevol - ok
17:44:13.0961 0972 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
17:44:13.0961 0972 gagp30kx - ok
17:44:14.0070 0972 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
17:44:14.0070 0972 hcw85cir - ok
17:44:14.0195 0972 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
17:44:14.0211 0972 HdAudAddService - ok
17:44:14.0320 0972 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
17:44:14.0320 0972 HDAudBus - ok
17:44:14.0429 0972 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
17:44:14.0445 0972 HidBatt - ok
17:44:14.0538 0972 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
17:44:14.0538 0972 HidBth - ok
17:44:14.0679 0972 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
17:44:14.0679 0972 HidIr - ok
17:44:14.0819 0972 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
17:44:14.0835 0972 HidUsb - ok
17:44:14.0975 0972 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
17:44:14.0991 0972 HpSAMD - ok
17:44:15.0100 0972 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
17:44:15.0116 0972 HTTP - ok
17:44:15.0240 0972 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
17:44:15.0240 0972 hwpolicy - ok
17:44:15.0381 0972 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
17:44:15.0381 0972 i8042prt - ok
17:44:15.0521 0972 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
17:44:15.0537 0972 iaStorV - ok
17:44:15.0662 0972 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
17:44:15.0677 0972 iirsp - ok
17:44:15.0896 0972 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys
17:44:15.0911 0972 IntcAzAudAddService - ok
17:44:16.0020 0972 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
17:44:16.0020 0972 intelide - ok
17:44:16.0130 0972 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
17:44:16.0145 0972 intelppm - ok
17:44:16.0254 0972 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
17:44:16.0254 0972 IpFilterDriver - ok
17:44:16.0379 0972 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
17:44:16.0379 0972 IPMIDRV - ok
17:44:16.0504 0972 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
17:44:16.0504 0972 IPNAT - ok
17:44:16.0613 0972 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
17:44:16.0613 0972 IRENUM - ok
17:44:16.0722 0972 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
17:44:16.0722 0972 isapnp - ok
17:44:16.0847 0972 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
17:44:16.0847 0972 iScsiPrt - ok
17:44:16.0972 0972 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
17:44:16.0972 0972 kbdclass - ok
17:44:17.0097 0972 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
17:44:17.0097 0972 kbdhid - ok
17:44:17.0206 0972 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
17:44:17.0206 0972 KSecDD - ok
17:44:17.0315 0972 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
17:44:17.0315 0972 KSecPkg - ok
17:44:17.0471 0972 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
17:44:17.0471 0972 lltdio - ok
17:44:17.0612 0972 LPCFilter (6e3d3816749e107883eec5734ce44493) C:\windows\system32\DRIVERS\LPCFilter.sys
17:44:17.0612 0972 LPCFilter - ok
17:44:17.0752 0972 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
17:44:17.0752 0972 LSI_FC - ok
17:44:17.0877 0972 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
17:44:17.0877 0972 LSI_SAS - ok
17:44:18.0002 0972 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
17:44:18.0002 0972 LSI_SAS2 - ok
17:44:18.0126 0972 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
17:44:18.0126 0972 LSI_SCSI - ok
17:44:18.0251 0972 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
17:44:18.0251 0972 luafv - ok
17:44:18.0329 0972 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
17:44:18.0329 0972 megasas - ok
17:44:18.0438 0972 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
17:44:18.0454 0972 MegaSR - ok
17:44:18.0548 0972 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
17:44:18.0548 0972 Modem - ok
17:44:18.0672 0972 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
17:44:18.0672 0972 monitor - ok
17:44:18.0782 0972 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
17:44:18.0782 0972 mouclass - ok
17:44:18.0922 0972 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
17:44:18.0922 0972 mouhid - ok
17:44:19.0031 0972 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
17:44:19.0031 0972 mountmgr - ok
17:44:19.0156 0972 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
17:44:19.0156 0972 mpio - ok
17:44:19.0281 0972 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
17:44:19.0281 0972 mpsdrv - ok
17:44:19.0406 0972 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
17:44:19.0406 0972 MRxDAV - ok
17:44:19.0515 0972 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
17:44:19.0530 0972 mrxsmb - ok
17:44:19.0640 0972 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
17:44:19.0640 0972 mrxsmb10 - ok
17:44:19.0749 0972 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
17:44:19.0749 0972 mrxsmb20 - ok
17:44:19.0874 0972 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
17:44:19.0874 0972 msahci - ok
17:44:19.0983 0972 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
17:44:19.0983 0972 msdsm - ok
17:44:20.0092 0972 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
17:44:20.0092 0972 Msfs - ok
17:44:20.0201 0972 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
17:44:20.0201 0972 mshidkmdf - ok
17:44:20.0326 0972 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
17:44:20.0326 0972 msisadrv - ok
17:44:20.0482 0972 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
17:44:20.0482 0972 MSKSSRV - ok
17:44:20.0622 0972 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
17:44:20.0622 0972 MSPCLOCK - ok
17:44:20.0763 0972 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
17:44:20.0778 0972 MSPQM - ok
17:44:20.0888 0972 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
17:44:20.0888 0972 MsRPC - ok
17:44:20.0997 0972 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
17:44:20.0997 0972 mssmbios - ok
17:44:21.0137 0972 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
17:44:21.0137 0972 MSTEE - ok
17:44:21.0231 0972 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
17:44:21.0231 0972 MTConfig - ok
17:44:21.0340 0972 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
17:44:21.0340 0972 Mup - ok
17:44:21.0480 0972 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
17:44:21.0480 0972 NativeWifiP - ok
17:44:21.0621 0972 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
17:44:21.0636 0972 NDIS - ok
17:44:21.0746 0972 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
17:44:21.0746 0972 NdisCap - ok
17:44:21.0870 0972 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
17:44:21.0870 0972 NdisTapi - ok
17:44:21.0995 0972 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
17:44:21.0995 0972 Ndisuio - ok
17:44:22.0104 0972 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
17:44:22.0104 0972 NdisWan - ok
17:44:22.0229 0972 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
17:44:22.0229 0972 NDProxy - ok
17:44:22.0323 0972 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
17:44:22.0323 0972 NetBIOS - ok
17:44:22.0479 0972 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
17:44:22.0479 0972 NetBT - ok
17:44:22.0635 0972 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
17:44:22.0635 0972 nfrd960 - ok
17:44:22.0775 0972 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
17:44:22.0775 0972 Npfs - ok
17:44:22.0869 0972 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
17:44:22.0869 0972 nsiproxy - ok
17:44:23.0040 0972 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
17:44:23.0056 0972 Ntfs - ok
17:44:23.0165 0972 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
17:44:23.0165 0972 Null - ok
17:44:23.0274 0972 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
17:44:23.0274 0972 nvraid - ok
17:44:23.0399 0972 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
17:44:23.0399 0972 nvstor - ok
17:44:23.0540 0972 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
17:44:23.0540 0972 nv_agp - ok
17:44:23.0649 0972 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
17:44:23.0649 0972 ohci1394 - ok
17:44:23.0805 0972 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
17:44:23.0805 0972 Parport - ok
17:44:23.0914 0972 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
17:44:23.0914 0972 partmgr - ok
17:44:24.0039 0972 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
17:44:24.0039 0972 Parvdm - ok
17:44:24.0179 0972 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
17:44:24.0179 0972 pci - ok
17:44:24.0304 0972 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
17:44:24.0304 0972 pciide - ok
17:44:24.0413 0972 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
17:44:24.0429 0972 pcmcia - ok
17:44:24.0522 0972 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
17:44:24.0538 0972 pcw - ok
17:44:24.0647 0972 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
17:44:24.0663 0972 PEAUTH - ok
17:44:24.0866 0972 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
17:44:24.0866 0972 PptpMiniport - ok
17:44:24.0959 0972 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
17:44:24.0959 0972 Processor - ok
17:44:25.0178 0972 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
17:44:25.0178 0972 Psched - ok
17:44:25.0334 0972 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
17:44:25.0349 0972 ql2300 - ok
17:44:25.0474 0972 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
17:44:25.0474 0972 ql40xx - ok
17:44:25.0583 0972 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
17:44:25.0599 0972 QWAVEdrv - ok
17:44:25.0708 0972 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
17:44:25.0708 0972 RasAcd - ok
17:44:25.0817 0972 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
17:44:25.0833 0972 RasAgileVpn - ok
17:44:25.0958 0972 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
17:44:25.0958 0972 Rasl2tp - ok
17:44:26.0082 0972 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
17:44:26.0098 0972 RasPppoe - ok
17:44:26.0207 0972 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
17:44:26.0207 0972 RasSstp - ok
17:44:26.0348 0972 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
17:44:26.0348 0972 rdbss - ok
17:44:26.0472 0972 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
17:44:26.0472 0972 rdpbus - ok
17:44:26.0582 0972 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
17:44:26.0582 0972 RDPCDD - ok
17:44:26.0706 0972 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
17:44:26.0706 0972 RDPENCDD - ok
17:44:26.0816 0972 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
17:44:26.0816 0972 RDPREFMP - ok
17:44:26.0925 0972 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
17:44:26.0925 0972 RDPWD - ok
17:44:27.0050 0972 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
17:44:27.0050 0972 rdyboost - ok
17:44:27.0221 0972 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
17:44:27.0221 0972 rspndr - ok
17:44:27.0346 0972 RSUSBSTOR (ef8b2afc3c0751c5e5a59983c8893260) C:\windows\system32\Drivers\RtsUStor.sys
17:44:27.0362 0972 RSUSBSTOR - ok
17:44:27.0471 0972 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys
17:44:27.0486 0972 RTL8167 - ok
17:44:27.0611 0972 RTL8187Se (5bd298bdf62e6a8a0fc69f73a82a52bb) C:\windows\system32\DRIVERS\RTL8187Se.sys
17:44:27.0627 0972 RTL8187Se - ok
17:44:27.0705 0972 RtsUIR - ok
17:44:27.0845 0972 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
17:44:27.0845 0972 sbp2port - ok
17:44:28.0017 0972 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\windows\system32\drivers\SCDEmu.sys
17:44:28.0017 0972 SCDEmu - ok
17:44:28.0126 0972 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
17:44:28.0126 0972 scfilter - ok
17:44:28.0251 0972 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
17:44:28.0251 0972 secdrv - ok
17:44:28.0407 0972 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
17:44:28.0407 0972 Serenum - ok
17:44:28.0516 0972 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
17:44:28.0516 0972 Serial - ok
17:44:28.0641 0972 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
17:44:28.0641 0972 sermouse - ok
17:44:28.0766 0972 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
17:44:28.0766 0972 sffdisk - ok
17:44:28.0859 0972 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
17:44:28.0859 0972 sffp_mmc - ok
17:44:28.0968 0972 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
17:44:28.0968 0972 sffp_sd - ok
17:44:29.0062 0972 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
17:44:29.0062 0972 sfloppy - ok
17:44:29.0187 0972 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
17:44:29.0187 0972 sisagp - ok
17:44:29.0327 0972 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
17:44:29.0327 0972 SiSRaid2 - ok
17:44:29.0436 0972 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
17:44:29.0436 0972 SiSRaid4 - ok
17:44:29.0561 0972 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
17:44:29.0561 0972 Smb - ok
17:44:29.0702 0972 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
17:44:29.0702 0972 spldr - ok
17:44:29.0842 0972 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
17:44:29.0842 0972 srv - ok
17:44:29.0967 0972 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
17:44:29.0982 0972 srv2 - ok
17:44:30.0092 0972 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
17:44:30.0092 0972 srvnet - ok
17:44:30.0248 0972 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
17:44:30.0248 0972 stexstor - ok
17:44:30.0388 0972 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
17:44:30.0388 0972 swenum - ok
17:44:30.0528 0972 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
17:44:30.0528 0972 SynTP - ok
17:44:30.0700 0972 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
17:44:30.0716 0972 Tcpip - ok
17:44:30.0856 0972 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
17:44:30.0872 0972 TCPIP6 - ok
17:44:30.0965 0972 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
17:44:30.0981 0972 tcpipreg - ok
17:44:31.0090 0972 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
17:44:31.0090 0972 tdcmdpst - ok
17:44:31.0199 0972 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
17:44:31.0199 0972 TDPIPE - ok
17:44:31.0324 0972 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
17:44:31.0324 0972 TDTCP - ok
17:44:31.0464 0972 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
17:44:31.0464 0972 tdx - ok
17:44:31.0574 0972 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
17:44:31.0574 0972 TermDD - ok
17:44:31.0776 0972 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
17:44:31.0792 0972 tos_sps32 - ok
17:44:31.0917 0972 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
17:44:31.0917 0972 tssecsrv - ok
17:44:32.0010 0972 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
17:44:32.0026 0972 TsUsbFlt - ok
17:44:32.0151 0972 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
17:44:32.0151 0972 tunnel - ok
17:44:32.0276 0972 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
17:44:32.0276 0972 TVALZ - ok
17:44:32.0400 0972 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
17:44:32.0400 0972 uagp35 - ok
17:44:32.0525 0972 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
17:44:32.0525 0972 udfs - ok
17:44:32.0681 0972 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
17:44:32.0681 0972 uliagpkx - ok
17:44:32.0806 0972 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
17:44:32.0806 0972 umbus - ok
17:44:32.0931 0972 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
17:44:32.0946 0972 UmPass - ok
17:44:33.0056 0972 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
17:44:33.0056 0972 usbccgp - ok
17:44:33.0149 0972 USBCCID - ok
17:44:33.0290 0972 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
17:44:33.0290 0972 usbcir - ok
17:44:33.0399 0972 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
17:44:33.0399 0972 usbehci - ok
17:44:33.0524 0972 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
17:44:33.0539 0972 usbhub - ok
17:44:33.0648 0972 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\DRIVERS\usbohci.sys
17:44:33.0648 0972 usbohci - ok
17:44:33.0773 0972 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
17:44:33.0773 0972 usbprint - ok
17:44:33.0882 0972 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
17:44:33.0882 0972 USBSTOR - ok
17:44:33.0992 0972 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
17:44:33.0992 0972 usbuhci - ok
17:44:34.0132 0972 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
17:44:34.0132 0972 vdrvroot - ok
17:44:34.0257 0972 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
17:44:34.0272 0972 vga - ok
17:44:34.0397 0972 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
17:44:34.0397 0972 VgaSave - ok
17:44:34.0569 0972 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
17:44:34.0584 0972 vhdmp - ok
17:44:34.0725 0972 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
17:44:34.0725 0972 viaagp - ok
17:44:34.0818 0972 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
17:44:34.0834 0972 ViaC7 - ok
17:44:34.0943 0972 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
17:44:34.0943 0972 viaide - ok
17:44:35.0052 0972 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
17:44:35.0068 0972 volmgr - ok
17:44:35.0193 0972 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
17:44:35.0193 0972 volmgrx - ok
17:44:35.0318 0972 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
17:44:35.0318 0972 volsnap - ok
17:44:35.0442 0972 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
17:44:35.0442 0972 vsmraid - ok
17:44:35.0567 0972 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
17:44:35.0567 0972 vwifibus - ok
17:44:35.0692 0972 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
17:44:35.0692 0972 vwififlt - ok
17:44:35.0817 0972 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
17:44:35.0817 0972 WacomPen - ok
17:44:35.0926 0972 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
17:44:35.0926 0972 WANARP - ok
17:44:35.0957 0972 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
17:44:35.0957 0972 Wanarpv6 - ok
17:44:36.0113 0972 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
17:44:36.0113 0972 Wd - ok
17:44:36.0238 0972 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
17:44:36.0238 0972 Wdf01000 - ok
17:44:36.0394 0972 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
17:44:36.0394 0972 WfpLwf - ok
17:44:36.0503 0972 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
17:44:36.0503 0972 WIMMount - ok
17:44:36.0691 0972 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
17:44:36.0691 0972 WmiAcpi - ok
17:44:36.0878 0972 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
17:44:36.0878 0972 ws2ifsl - ok
17:44:37.0049 0972 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
17:44:37.0065 0972 WudfPf - ok
17:44:37.0174 0972 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
17:44:37.0190 0972 WUDFRd - ok
17:44:37.0268 0972 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
17:44:37.0330 0972 \Device\Harddisk0\DR0 - ok
17:44:37.0346 0972 Boot (0x1200) (28ac715d0ab2a5de3c9db5e666784f49) \Device\Harddisk0\DR0\Partition0
17:44:37.0346 0972 \Device\Harddisk0\DR0\Partition0 - ok
17:44:37.0361 0972 ============================================================
17:44:37.0361 0972 Scan finished
17:44:37.0361 0972 ============================================================
17:44:37.0377 1928 Detected object count: 0
17:44:37.0377 1928 Actual detected object count: 0
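The last four lines of the TDSSKiller log above hash the MBR and the boot sector of \Device\Harddisk0 and report "ok" when they match known-good values. The following added example (not part of the thread and not TDSSKiller's code) shows what such a check involves. It assumes, from the 0x1B8 in the log line, that only the 440-byte bootstrap code region is hashed, so that the disk signature and partition table, which legitimately differ from machine to machine, are excluded; the MBR image, bootstrap bytes and partition layout are constructed for illustration.

```python
import hashlib
import struct

# Classic 512-byte BIOS MBR layout. The 0x1B8 in the TDSSKiller log line
# "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0" is taken here (assumption) to be
# the number of bytes hashed: the bootstrap code, but not the disk signature
# or partition table that follow it and differ legitimately between machines.
BOOT_CODE_LEN = 0x1B8     # 440 bytes of bootstrap code
DISK_SIG_OFF = 0x1B8      # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # 0x55AA boot signature

# Constructed stand-in for bootstrap code (a few real x86 opcodes, then NOPs);
# not taken from any real disk.
SAMPLE_BOOT_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 40


def build_sample_mbr(boot_code, disk_sig, partitions):
    """Assemble a 512-byte MBR image for testing.

    partitions: list of up to four (bootable, type_byte, lba_start, sector_count).
    """
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code exceeds 0x1B8 bytes")
    mbr = bytearray(512)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(partitions[:4]):
        off = PART_TABLE_OFF + 16 * i
        mbr[off] = 0x80 if bootable else 0x00   # status byte: 0x80 = active
        mbr[off + 4] = ptype                     # partition type byte
        struct.pack_into("<II", mbr, off + 8, lba, count)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


def boot_code_md5(mbr):
    """MD5 over the bootstrap code only, the same 0x1B8-byte scope as the log."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr):
    """Return the non-empty entries of the primary partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts


def check_mbr(mbr, known_good_md5):
    """Compare an MBR against a known-good bootstrap hash; empty list means clean."""
    findings = []
    if len(mbr) != 512:
        return ["MBR is not 512 bytes"]
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    if boot_code_md5(mbr) != known_good_md5:
        findings.append("bootstrap code hash mismatch")
    if sum(p["bootable"] for p in parse_partitions(mbr)) > 1:
        findings.append("more than one active partition")
    return findings


def read_mbr(device_path):
    r"""Read sector 0 of a raw device or image file.

    On Windows the path would be \\.\PhysicalDrive0 (elevated prompt needed);
    on Linux /dev/sda. Not exercised offline.
    """
    with open(device_path, "rb") as fh:
        return fh.read(512)


if __name__ == "__main__":
    clean = build_sample_mbr(SAMPLE_BOOT_CODE, 0x12345678, [(True, 0x07, 2048, 409600)])
    baseline = boot_code_md5(clean)
    tampered = bytearray(clean)
    tampered[0x10] ^= 0xFF                       # patch one byte of bootstrap code
    print("clean:", check_mbr(clean, baseline))
    print("tampered:", check_mbr(bytes(tampered), baseline))
```

The point of hashing only the first 0x1B8 bytes is that a baseline taken from one clean Windows install stays valid on another: rewriting the disk signature or repartitioning leaves the hash unchanged, while a single patched byte of bootstrap code (the footprint of an MBR bootkit) does not.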

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 January 2012 - 07:13 PM

Hello

Should I be cautious about my identity and my money now?
I would change all online passwords and keep an eye on things, just to be safe.


:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) file sharing programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

xxx
xxx
xxx


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot fewer resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


If you have problems running HijackThis:

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 dr1ft@gious

dr1ft@gious
  • Topic Starter

  • Members
  • 8 posts

Posted 04 January 2012 - 01:50 AM

Good day.
I ran through your steps. First of all, you ask me to remove some programs; which programs should I remove? They all say xxx and I see nothing of the sort in my Add or Remove Programs list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

xxx
xxx
xxx

and click on remove

Here is the MBAM log:
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
fuzzygokoss :: FUZZYGOKOSS-PC [administrator]

Protection: Enabled

1/4/2012 12:31:21 AM
mbam-log-2012-01-04 (00-31-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 162719
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\fuzzygokoss\Downloads\eMuleSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)


Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:44:58 AM, on 1/4/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\fuzzygokoss\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

--
End of file - 6437 bytes


Before I did any of this today, I noticed slow responses and poor download speed; I was also unable to have programs run properly.

Thanks for everything again. ^.^

Goodbye.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 January 2012 - 02:00 AM

Hello

Sorry about that. Here are the programs to uninstall:

Adobe Reader 9.1
Java™ 6 Update 29
StartNow Toolbar

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) whenever you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
      O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
      O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
      O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard and paste the results here in this topic.
  • You may also find the log here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

Gringo
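The HijackThis log in the previous post and the O4 list in this one are the same text format, and the note about copying "the name between the brackets" is really a parsing rule. The following added example (not code from the thread and not HijackThis's own) parses the O2, O4 and O23 lines, flags an orphaned BHO (a CLSID with "(no file)" behind it, like the one in the posted log) and any autorun or service whose executable lives outside Program Files or Windows, and pulls the exact log lines for a list of bracketed names, which is what the Fix Checked step needs. The sample lines are copied from the log in this thread, except for one constructed AppData autorun ([updater]) added to show what a suspicious entry looks like; the environment-variable expansions and the "trusted roots" list are assumptions.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread, plus one
# constructed entry ([updater], under AppData) to show what a suspicious autorun looks like.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
O4 - HKCU\..\Run: [updater] C:\Users\fuzzygokoss\AppData\Roaming\svchost.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# One regex per HijackThis section handled here.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
                   r"(?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")

# Assumed expansions for variables HijackThis leaves unexpanded in O4 commands.
ENV_VARS = {"%programfiles%": r"C:\Program Files",
            "%systemroot%": r"C:\Windows",
            "%windir%": r"C:\Windows"}
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd))"?(?:\s|$)', re.IGNORECASE)

# Assumed "normal" install roots; "c:\program files" also covers "(x86)".
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\")


def executable_path(command):
    """Pull the executable out of an autorun command line (quoted or not, args stripped)."""
    for var, value in ENV_VARS.items():
        command = re.sub(re.escape(var), lambda _m: value, command, flags=re.IGNORECASE)
    m = EXE_RE.match(command.strip())
    return m.group("path") if m else command.strip()


def is_suspicious_location(path):
    """True when the file sits in a user-writable or non-standard location."""
    p = path.lower()
    return any(d in p for d in SUSPECT_DIRS) or not p.startswith(TRUSTED_ROOTS)


def parse_hjt(text):
    """Return one dict per recognised O2/O4/O23 line, in log order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            entries.append({"section": "O2", "line": line, **m.groupdict()})
            continue
        m = O4_RE.match(line)
        if m:
            d = m.groupdict()
            entries.append({"section": "O4", "line": line,
                            "exe": executable_path(d["command"]), **d})
            continue
        m = O23_RE.match(line)
        if m:
            entries.append({"section": "O23", "line": line, **m.groupdict()})
    return entries


def triage(text):
    """List (reason, identifier) pairs worth a closer look."""
    findings = []
    for e in parse_hjt(text):
        if e["section"] == "O2" and e["target"] == "(no file)":
            findings.append(("orphaned BHO", e["clsid"]))
        elif e["section"] == "O4" and is_suspicious_location(e["exe"]):
            findings.append(("autorun outside trusted roots", e["name"]))
        elif e["section"] == "O23" and is_suspicious_location(e["path"]):
            findings.append(("service outside trusted roots", e["name"]))
    return findings


def lines_to_fix(text, names):
    """Return the exact O4 log lines whose bracketed name is in `names` (for Fix Checked)."""
    wanted = {n.lower() for n in names}
    return [e["line"] for e in parse_hjt(text)
            if e["section"] == "O4" and e["name"].lower() in wanted]


if __name__ == "__main__":
    for reason, ident in triage(SAMPLE_LOG):
        print(f"{reason}: {ident}")
    for line in lines_to_fix(SAMPLE_LOG, ["StartCCC", "SVPWUTIL"]):
        print("fix:", line)
```

The location heuristic is deliberately blunt: a vendor-signed updater under C:\Program Files passes, while anything launched from AppData, Temp or a user profile is surfaced for a human to look at, which matches how the helper's "research each of those lines" step is meant to be used.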

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 January 2012 - 12:01 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 12:23 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



