Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Aleuron.tk, others, MSE can't fix


  • This topic is locked This topic is locked
26 replies to this topic

#1 Bill_

Bill_

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 07 January 2012 - 11:00 PM

Hello, I am having an issue with my laptop running Win 7. About a week ago I had a virus that I believe was "Win 7 Home Security 2012". Symptoms were just as described on this guide:

http://www.bleepingcomputer.com/virus-removal/remove-win-7-home-security-2012

I followed the recommended procedure, running FixNCR, RKill, TDSSKiller, and MBAM. That seemed to fix the problems and all was well. I then installed Microsoft Security Essentials to help prevent future problems. While running, MSE will find 2 or 3 malicious items (Aleuron.tk, sirefef.j, and sirefef.B), fixes them, and says to restart to complete the fix. After restarting, it finds the same things again. A re-run of MBAM found nothing.

Other problems have been turning up. After one restart, Windows would not boot and went into auto-repair mode. It failed to auto-repair after 2 or 3 tries, so I restored window to a previous restore point, from yesterday. Now at least windows runs, but MSE still finds the malware and can't repair it.

Thanks for your help.

-Bill

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Huffman at 22:25:41 on 2012-01-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4388 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://start.toshiba.com
uDefault_Page_URL = hxxp://start.toshiba.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FBF7B445-4C2C-44BD-98BB-D00501C2642B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FBF7B445-4C2C-44BD-98BB-D00501C2642B}\A4F6C65697E65647 : DhcpNameServer = 207.69.188.186 207.69.188.187
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Huffman\AppData\Roaming\Mozilla\Firefox\Profiles\hxpmafsd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-9-6 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-9-6 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-6 2656280]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-9-6 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856]
S1 ftpkvdjv;ftpkvdjv;\??\C:\windows\system32\drivers\ftpkvdjv.sys --> C:\windows\system32\drivers\ftpkvdjv.sys [?]
S1 vxwvuatd;vxwvuatd;\??\C:\windows\system32\drivers\vxwvuatd.sys --> C:\windows\system32\drivers\vxwvuatd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-6 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-6 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown dzwhfijc;dzwhfijc; [x]
SUnknown fgnwxhbe;fgnwxhbe; [x]
SUnknown geukjenx;geukjenx; [x]
SUnknown ikulsxnx;ikulsxnx; [x]
SUnknown kjzbunrv;kjzbunrv; [x]
SUnknown vkhnktru;vkhnktru; [x]
.
=============== Created Last 30 ================
.
2012-01-08 02:58:36 48464 ----a-w- C:\windows\System32\drivers\vxwvuatd.sys
2012-01-08 02:42:35 48464 ----a-w- C:\windows\System32\drivers\ftpkvdjv.sys
2012-01-08 02:31:25 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DFA34AD-9B6A-4C86-BB60-37731F4A482C}\offreg.dll
2012-01-08 02:29:19 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DFA34AD-9B6A-4C86-BB60-37731F4A482C}\mpengine.dll
2012-01-08 01:01:26 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4AD74FF-AC26-43ED-9C73-B9359F2948B3}\gapaengine.dll
2012-01-07 02:35:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-01-07 02:35:32 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-01-06 03:08:14 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-06 03:08:14 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-06 03:08:14 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-06 03:08:13 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-04 00:00:53 -------- d-----w- C:\Users\Huffman\AppData\Roaming\Malwarebytes
2012-01-04 00:00:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-04 00:00:41 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-01-04 00:00:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-03 03:12:41 -------- d-----we C:\windows\system64
2011-12-31 00:17:56 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EBC57E4A-1691-40F7-BAE2-C8D0D6389D25}\mpengine.dll
2011-12-30 00:50:39 -------- d-----w- C:\Users\Huffman\AppData\Local\Diagnostics
2011-12-15 02:20:33 -------- d-----w- C:\Program Files\Common Files\special2
2011-12-14 07:11:01 43520 ----a-w- C:\windows\System32\csrsrv.dll
2011-12-14 07:11:01 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-12-14 07:11:00 723456 ----a-w- C:\windows\System32\EncDec.dll
2011-12-14 07:11:00 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-12-14 07:10:58 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-12-14 07:10:58 2048 ----a-w- C:\windows\System32\tzres.dll
2011-12-10 14:55:43 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-12-10 14:54:39 -------- d-----w- C:\Users\Huffman\AppData\Roaming\uTorrent
.
==================== Find3M ====================
.
2011-12-11 13:25:41 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:26:53.02 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:21 AM

Posted 08 January 2012 - 12:48 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic an do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.



Thanks and again sorry for the delay.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Bill_

Bill_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 08 January 2012 - 10:06 AM

Thanks for your response. I ran the scans as requested, however Windows crashed while aswMBR scan was running. This is 64-bit Windows 7, if that helps any. Here are the logs from DDS and MBRCheck:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Huffman at 9:48:43 on 2012-01-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4058 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://start.toshiba.com
uDefault_Page_URL = hxxp://start.toshiba.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FBF7B445-4C2C-44BD-98BB-D00501C2642B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FBF7B445-4C2C-44BD-98BB-D00501C2642B}\A4F6C65697E65647 : DhcpNameServer = 207.69.188.186 207.69.188.187
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Huffman\AppData\Roaming\Mozilla\Firefox\Profiles\hxpmafsd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-9-6 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-9-6 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-6 2656280]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-9-6 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856]
S1 jrvakgdk;jrvakgdk;\??\C:\windows\system32\drivers\jrvakgdk.sys --> C:\windows\system32\drivers\jrvakgdk.sys [?]
S1 lxjxhwuq;lxjxhwuq;\??\C:\windows\system32\drivers\lxjxhwuq.sys --> C:\windows\system32\drivers\lxjxhwuq.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-6 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-6 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-08 14:47:25 48464 ----a-w- C:\windows\System32\drivers\lxjxhwuq.sys
2012-01-08 14:07:31 48464 ----a-w- C:\windows\System32\drivers\jrvakgdk.sys
2012-01-08 13:42:28 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56D959E2-C1E2-48F5-A519-A345CD9A2C28}\offreg.dll
2012-01-08 13:42:25 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56D959E2-C1E2-48F5-A519-A345CD9A2C28}\mpengine.dll
2012-01-08 13:35:21 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BED2DF3E-546C-4B0A-A2DA-F7D601F98FF8}\gapaengine.dll
2012-01-07 02:35:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-01-07 02:35:32 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-01-06 03:08:14 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-06 03:08:14 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-06 03:08:14 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-06 03:08:13 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-04 00:00:53 -------- d-----w- C:\Users\Huffman\AppData\Roaming\Malwarebytes
2012-01-04 00:00:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-04 00:00:41 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-01-04 00:00:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-03 03:12:41 -------- d-----we C:\windows\system64
2011-12-31 00:17:56 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EBC57E4A-1691-40F7-BAE2-C8D0D6389D25}\mpengine.dll
2011-12-30 00:50:39 -------- d-----w- C:\Users\Huffman\AppData\Local\Diagnostics
2011-12-15 02:20:33 -------- d-----w- C:\Program Files\Common Files\special2
2011-12-14 07:11:01 43520 ----a-w- C:\windows\System32\csrsrv.dll
2011-12-14 07:11:01 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-12-14 07:11:00 723456 ----a-w- C:\windows\System32\EncDec.dll
2011-12-14 07:11:00 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-12-14 07:10:58 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-12-14 07:10:58 2048 ----a-w- C:\windows\System32\tzres.dll
2011-12-10 14:55:43 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-12-10 14:54:39 -------- d-----w- C:\Users\Huffman\AppData\Roaming\uTorrent
.
==================== Find3M ====================
.
2011-12-11 13:25:41 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 9:49:40.75 ===============



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Intel Corp.
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L755
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 189):
0x02E04000 \SystemRoot\system32\ntoskrnl.exe
0x033ED000 \SystemRoot\system32\hal.dll
0x00B99000 \SystemRoot\system32\kdcom.dll
0x00CFF000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D4E000 \SystemRoot\system32\PSHED.dll
0x00D62000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EF8000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F9C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E00000 \SystemRoot\system32\drivers\ACPI.sys
0x00E57000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00E60000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E6A000 \SystemRoot\system32\drivers\pci.sys
0x00E9D000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00EAA000 \SystemRoot\System32\drivers\partmgr.sys
0x00EBF000 \SystemRoot\system32\drivers\compbatt.sys
0x00EC8000 \SystemRoot\system32\drivers\BATTC.SYS
0x00ED4000 \SystemRoot\system32\drivers\volmgr.sys
0x010F5000 \SystemRoot\System32\drivers\volmgrx.sys
0x01151000 \SystemRoot\System32\drivers\mountmgr.sys
0x0116B000 \SystemRoot\system32\DRIVERS\pciide.sys
0x01172000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x0126D000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x013C1000 \SystemRoot\system32\drivers\atapi.sys
0x013CA000 \SystemRoot\system32\drivers\ataport.SYS
0x013F4000 \SystemRoot\system32\DRIVERS\msahci.sys
0x01200000 \SystemRoot\system32\drivers\amdxata.sys
0x0120B000 \SystemRoot\system32\drivers\fltmgr.sys
0x01257000 \SystemRoot\system32\drivers\fileinfo.sys
0x0144A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01182000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x0141B000 \SystemRoot\System32\drivers\pcw.sys
0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0165F000 \SystemRoot\system32\drivers\ndis.sys
0x01752000 \SystemRoot\system32\drivers\NETIO.SYS
0x017B2000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01817000 \SystemRoot\System32\drivers\tcpip.sys
0x01A1B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A65000 \SystemRoot\system32\drivers\wd.sys
0x01A6D000 \SystemRoot\system32\drivers\volsnap.sys
0x01AB9000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x01ABE000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
0x01B38000 \SystemRoot\System32\Drivers\spldr.sys
0x01B40000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B7A000 \SystemRoot\System32\Drivers\mup.sys
0x01B8C000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B95000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BCF000 \SystemRoot\system32\drivers\disk.sys
0x01600000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x03C11000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03C3B000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x03C6C000 \SystemRoot\System32\Drivers\Null.SYS
0x03C75000 \SystemRoot\System32\Drivers\Beep.SYS
0x03DE5000 \SystemRoot\System32\drivers\vga.sys
0x01630000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03C00000 \SystemRoot\System32\drivers\watchdog.sys
0x03DF3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01BF3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01800000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01809000 \SystemRoot\System32\Drivers\Msfs.SYS
0x017DD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01072000 \SystemRoot\system32\DRIVERS\tdx.sys
0x017EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04286000 \SystemRoot\system32\drivers\afd.sys
0x0430F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04354000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0435D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04383000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04399000 \SystemRoot\system32\DRIVERS\netbios.sys
0x043A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x043C3000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04200000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04251000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0425D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04268000 \SystemRoot\System32\drivers\discache.sys
0x043D7000 \SystemRoot\System32\Drivers\dfsc.sys
0x01436000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x01094000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04A22000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02EF0000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02E00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x02E46000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x02E57000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E68000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02EBE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0464B000 \SystemRoot\system32\DRIVERS\rtl8192Ce.sys
0x047B8000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x047C5000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x047DA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04600000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05A26000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05B85000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05B87000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05B96000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x05BA0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x05BAD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05BC3000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x05BC8000 \SystemRoot\system32\DRIVERS\QIOMem.sys
0x05BD2000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x05BD9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05BE2000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05A00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0460F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05A16000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x010BA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02FE4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x055D4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04A00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05A22000 \SystemRoot\system32\DRIVERS\swenum.sys
0x00FAB000 \SystemRoot\system32\DRIVERS\ks.sys
0x04633000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05CE3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05D3D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06229000 \SystemRoot\system32\drivers\CHDRT64.sys
0x063B8000 \SystemRoot\system32\drivers\portcls.sys
0x06200000 \SystemRoot\system32\drivers\drmk.sys
0x06222000 \SystemRoot\system32\drivers\ksthunk.sys
0x05D52000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x05DA5000 \SystemRoot\System32\drivers\Dxapi.sys
0x05DB1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03C7C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05DBF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05DD2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005E0000 \SystemRoot\System32\TSDDD.dll
0x006A0000 \SystemRoot\System32\cdd.dll
0x00820000 \SystemRoot\System32\ATMFD.DLL
0x05DE0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05C00000 \SystemRoot\System32\Drivers\usbvideo.sys
0x063F5000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x05C2E000 \SystemRoot\system32\drivers\luafv.sys
0x05C51000 \SystemRoot\system32\drivers\WudfPf.sys
0x05C72000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05C87000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03DD0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x011E0000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07071000 \SystemRoot\system32\drivers\HTTP.sys
0x0713A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0716B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07189000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07000000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x071B6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07478000 \SystemRoot\System32\DRIVERS\srv2.sys
0x074E1000 \SystemRoot\System32\DRIVERS\srv.sys
0x07AF5000 \SystemRoot\system32\drivers\peauth.sys
0x07B9B000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07BA6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x76CD0000 \Windows\System32\ntdll.dll
0x48430000 \Windows\System32\smss.exe
0xFEFF0000 \Windows\System32\apisetschema.dll
0xFF550000 \Windows\System32\autochk.exe
0x76B70000 \Windows\System32\wininet.dll
0xFEFC0000 \Windows\System32\sechost.dll
0xFE230000 \Windows\System32\shell32.dll
0xFE1E0000 \Windows\System32\ws2_32.dll
0xFE0D0000 \Windows\System32\msctf.dll
0xFE030000 \Windows\System32\clbcatq.dll
0xFDE20000 \Windows\System32\ole32.dll
0xFDD40000 \Windows\System32\advapi32.dll
0xFDCA0000 \Windows\System32\comdlg32.dll
0xFDC90000 \Windows\System32\lpk.dll
0xFDBC0000 \Windows\System32\usp10.dll
0x76A20000 \Windows\System32\urlmon.dll
0xFDB40000 \Windows\System32\difxapi.dll
0x76EA0000 \Windows\System32\normaliz.dll
0xFDA60000 \Windows\System32\oleaut32.dll
0xFD880000 \Windows\System32\setupapi.dll
0x76E90000 \Windows\System32\psapi.dll
0xFD860000 \Windows\System32\imagehlp.dll
0xFD850000 \Windows\System32\nsi.dll
0xFD720000 \Windows\System32\rpcrt4.dll
0x76900000 \Windows\System32\kernel32.dll
0xFD6B0000 \Windows\System32\gdi32.dll
0x76800000 \Windows\System32\user32.dll
0xFD610000 \Windows\System32\msvcrt.dll
0xFD5B0000 \Windows\System32\Wldap32.dll
0x765F0000 \Windows\System32\iertutil.dll
0xFD580000 \Windows\System32\imm32.dll
0xFD500000 \Windows\System32\shlwapi.dll
0xFD490000 \Windows\System32\KernelBase.dll
0xFD450000 \Windows\System32\cfgmgr32.dll
0xFD410000 \Windows\System32\wintrust.dll
0xFD370000 \Windows\System32\comctl32.dll
0xFD200000 \Windows\System32\crypt32.dll
0xFD1E0000 \Windows\System32\devobj.dll
0xFD1D0000 \Windows\System32\msasn1.dll
0x75880000 \Windows\SysWOW64\normaliz.dll

Processes (total 80):
0 System Idle Process
4 System
332 C:\Windows\System32\smss.exe
428 csrss.exe
480 C:\Windows\System32\wininit.exe
512 csrss.exe
540 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
692 C:\Windows\System32\svchost.exe
764 C:\Windows\System32\winlogon.exe
824 C:\Windows\System32\svchost.exe
880 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
120 C:\Windows\System32\svchost.exe
384 C:\Windows\System32\svchost.exe
444 C:\Windows\System32\svchost.exe
808 C:\Windows\System32\audiodg.exe
1044 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\spoolsv.exe
1548 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1700 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1736 C:\Program Files\Bonjour\mDNSResponder.exe
1760 C:\Windows\System32\svchost.exe
1796 C:\Windows\System32\svchost.exe
1832 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
2036 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\TODDSrv.exe
1140 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
1204 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1828 C:\Program Files\Toshiba\TECO\TecoService.exe
1936 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2308 C:\Windows\System32\dwm.exe
2324 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
2336 C:\Windows\System32\taskeng.exe
2368 C:\Windows\System32\taskhost.exe
2476 C:\Windows\explorer.exe
2876 C:\Windows\System32\igfxtray.exe
2884 C:\Windows\System32\hkcmd.exe
2892 C:\Windows\System32\igfxpers.exe
2900 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
2928 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
2988 C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
3000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3016 C:\Program Files\Toshiba\TECO\Teco.exe
3028 C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe
1556 C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
2660 C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
2640 C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
3260 WmiPrvSE.exe
3372 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3380 C:\Program Files\Microsoft Security Client\msseces.exe
3436 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3476 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
3576 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3748 C:\Program Files\Windows Sidebar\sidebar.exe
3844 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
3852 C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
3876 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3176 C:\Windows\System32\SearchIndexer.exe
960 C:\Program Files\iPod\bin\iPodService.exe
3788 C:\Program Files\Windows Media Player\wmpnetwk.exe
3604 C:\Windows\System32\SearchProtocolHost.exe
3712 C:\Windows\System32\SearchFilterHost.exe
3928 C:\Windows\System32\svchost.exe
3328 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4452 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
4576 WmiPrvSE.exe
5040 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
1288 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
1076 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
4512 C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
4664 C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
4676 C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
1888 C:\Windows\System32\sppsvc.exe
2604 <unknown>
3488 <unknown>
4276 C:\Users\Huffman\Desktop\MBRCheck.exe
4312 C:\Windows\System32\conhost.exe
4384 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK7575GSX, Rev: GT001M

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

Attached Files



#4 Bill_

Bill_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 08 January 2012 - 11:39 AM

I should also mention I'm having an issue with the windows firewall also. It seems to be disabled, and when I try to turn it on, it says it can't be turned on and returns an error code 0x8007040424.

Thanks,
Bill

#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:21 AM

Posted 08 January 2012 - 01:02 PM

Hello Bill_,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply::
TdssKIller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 Bill_

Bill_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 08 January 2012 - 05:32 PM

Ran those 2. TDSSKiller didn't seem to find anything. Combofix raqn with no issues. After Combofix ran, firefox wouldn't start, saying a registry key was scheduled for deletion. I restarted the computer, then Firefox ran ok. But after that restart, MSE popped up and said it found Aleuron.tk and Sirefef.B. So it appears there is still some kind of issue.

Here are the logs:

14:35:33.0224 5604 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:35:33.0664 5604 ============================================================
14:35:33.0664 5604 Current date / time: 2012/01/08 14:35:33.0664
14:35:33.0664 5604 SystemInfo:
14:35:33.0664 5604
14:35:33.0664 5604 OS Version: 6.1.7601 ServicePack: 1.0
14:35:33.0664 5604 Product type: Workstation
14:35:33.0664 5604 ComputerName: HUFFMAN-PC
14:35:33.0664 5604 UserName: Huffman
14:35:33.0664 5604 Windows directory: C:\windows
14:35:33.0664 5604 System windows directory: C:\windows
14:35:33.0664 5604 Running under WOW64
14:35:33.0664 5604 Processor architecture: Intel x64
14:35:33.0664 5604 Number of processors: 4
14:35:33.0664 5604 Page size: 0x1000
14:35:33.0664 5604 Boot type: Normal boot
14:35:33.0664 5604 ============================================================
14:35:33.0994 5604 Initialize success
14:35:37.0434 0992 ============================================================
14:35:37.0434 0992 Scan started
14:35:37.0434 0992 Mode: Manual;
14:35:37.0434 0992 ============================================================
14:35:38.0114 0992 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
14:35:38.0124 0992 1394ohci - ok
14:35:38.0404 0992 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
14:35:38.0404 0992 ACPI - ok
14:35:38.0654 0992 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
14:35:38.0654 0992 AcpiPmi - ok
14:35:38.0944 0992 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
14:35:38.0954 0992 adp94xx - ok
14:35:39.0215 0992 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
14:35:39.0215 0992 adpahci - ok
14:35:39.0465 0992 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
14:35:39.0465 0992 adpu320 - ok
14:35:39.0725 0992 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
14:35:39.0735 0992 AFD - ok
14:35:39.0965 0992 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
14:35:39.0965 0992 agp440 - ok
14:35:40.0225 0992 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
14:35:40.0225 0992 aliide - ok
14:35:40.0465 0992 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
14:35:40.0465 0992 amdide - ok
14:35:40.0695 0992 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
14:35:40.0695 0992 AmdK8 - ok
14:35:40.0925 0992 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
14:35:40.0935 0992 AmdPPM - ok
14:35:41.0165 0992 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
14:35:41.0165 0992 amdsata - ok
14:35:41.0405 0992 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
14:35:41.0405 0992 amdsbs - ok
14:35:41.0655 0992 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
14:35:41.0655 0992 amdxata - ok
14:35:41.0895 0992 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
14:35:41.0905 0992 AppID - ok
14:35:42.0165 0992 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
14:35:42.0165 0992 arc - ok
14:35:42.0405 0992 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
14:35:42.0405 0992 arcsas - ok
14:35:42.0635 0992 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
14:35:42.0635 0992 AsyncMac - ok
14:35:42.0895 0992 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
14:35:42.0895 0992 atapi - ok
14:35:43.0175 0992 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
14:35:43.0175 0992 b06bdrv - ok
14:35:43.0445 0992 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
14:35:43.0445 0992 b57nd60a - ok
14:35:43.0695 0992 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
14:35:43.0695 0992 Beep - ok
14:35:43.0955 0992 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
14:35:43.0955 0992 blbdrive - ok
14:35:44.0255 0992 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
14:35:44.0255 0992 bowser - ok
14:35:44.0515 0992 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
14:35:44.0515 0992 BrFiltLo - ok
14:35:44.0745 0992 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
14:35:44.0745 0992 BrFiltUp - ok
14:35:45.0005 0992 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
14:35:45.0005 0992 Brserid - ok
14:35:45.0255 0992 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
14:35:45.0255 0992 BrSerWdm - ok
14:35:45.0495 0992 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
14:35:45.0495 0992 BrUsbMdm - ok
14:35:45.0735 0992 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
14:35:45.0735 0992 BrUsbSer - ok
14:35:45.0965 0992 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
14:35:45.0965 0992 BTHMODEM - ok
14:35:46.0245 0992 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
14:35:46.0245 0992 cdfs - ok
14:35:46.0505 0992 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
14:35:46.0505 0992 cdrom - ok
14:35:46.0745 0992 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
14:35:46.0745 0992 circlass - ok
14:35:46.0965 0992 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
14:35:46.0975 0992 CLFS - ok
14:35:47.0235 0992 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
14:35:47.0245 0992 CmBatt - ok
14:35:47.0465 0992 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
14:35:47.0465 0992 cmdide - ok
14:35:47.0735 0992 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
14:35:47.0745 0992 CNG - ok
14:35:48.0035 0992 CnxtHdAudService (20506f12afad3db588d007ea9325fbbc) C:\windows\system32\drivers\CHDRT64.sys
14:35:48.0045 0992 CnxtHdAudService - ok
14:35:48.0305 0992 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
14:35:48.0305 0992 Compbatt - ok
14:35:48.0535 0992 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
14:35:48.0545 0992 CompositeBus - ok
14:35:48.0775 0992 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
14:35:48.0775 0992 crcdisk - ok
14:35:49.0055 0992 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
14:35:49.0065 0992 DfsC - ok
14:35:49.0325 0992 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
14:35:49.0325 0992 discache - ok
14:35:49.0565 0992 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
14:35:49.0565 0992 Disk - ok
14:35:49.0825 0992 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
14:35:49.0825 0992 drmkaud - ok
14:35:50.0085 0992 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
14:35:50.0095 0992 DXGKrnl - ok
14:35:50.0466 0992 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
14:35:50.0496 0992 ebdrv - ok
14:35:50.0756 0992 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
14:35:50.0766 0992 elxstor - ok
14:35:50.0996 0992 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
14:35:51.0006 0992 ErrDev - ok
14:35:51.0306 0992 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
14:35:51.0306 0992 exfat - ok
14:35:51.0536 0992 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
14:35:51.0546 0992 fastfat - ok
14:35:51.0806 0992 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
14:35:51.0806 0992 fdc - ok
14:35:52.0046 0992 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
14:35:52.0046 0992 FileInfo - ok
14:35:52.0296 0992 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
14:35:52.0296 0992 Filetrace - ok
14:35:52.0516 0992 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
14:35:52.0516 0992 flpydisk - ok
14:35:52.0726 0992 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
14:35:52.0736 0992 FltMgr - ok
14:35:52.0966 0992 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
14:35:52.0966 0992 FsDepends - ok
14:35:53.0186 0992 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
14:35:53.0186 0992 Fs_Rec - ok
14:35:53.0416 0992 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
14:35:53.0416 0992 fvevol - ok
14:35:53.0646 0992 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
14:35:53.0646 0992 gagp30kx - ok
14:35:53.0926 0992 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
14:35:53.0926 0992 GEARAspiWDM - ok
14:35:54.0186 0992 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
14:35:54.0186 0992 hcw85cir - ok
14:35:54.0426 0992 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
14:35:54.0426 0992 HdAudAddService - ok
14:35:54.0706 0992 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
14:35:54.0706 0992 HDAudBus - ok
14:35:54.0916 0992 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
14:35:54.0916 0992 HidBatt - ok
14:35:55.0146 0992 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
14:35:55.0146 0992 HidBth - ok
14:35:55.0376 0992 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
14:35:55.0376 0992 HidIr - ok
14:35:55.0626 0992 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
14:35:55.0626 0992 HidUsb - ok
14:35:55.0886 0992 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
14:35:55.0896 0992 HpSAMD - ok
14:35:56.0176 0992 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
14:35:56.0186 0992 HTTP - ok
14:35:56.0406 0992 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
14:35:56.0406 0992 hwpolicy - ok
14:35:56.0646 0992 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
14:35:56.0646 0992 i8042prt - ok
14:35:56.0876 0992 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
14:35:56.0876 0992 iaStor - ok
14:35:57.0116 0992 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
14:35:57.0126 0992 iaStorV - ok
14:35:57.0616 0992 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
14:35:57.0826 0992 igfx - ok
14:35:58.0046 0992 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
14:35:58.0046 0992 iirsp - ok
14:35:58.0296 0992 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
14:35:58.0306 0992 IntcDAud - ok
14:35:58.0536 0992 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
14:35:58.0536 0992 intelide - ok
14:35:58.0816 0992 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
14:35:58.0816 0992 intelppm - ok
14:35:59.0046 0992 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
14:35:59.0046 0992 IpFilterDriver - ok
14:35:59.0266 0992 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
14:35:59.0266 0992 IPMIDRV - ok
14:35:59.0506 0992 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
14:35:59.0506 0992 IPNAT - ok
14:35:59.0746 0992 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
14:35:59.0746 0992 IRENUM - ok
14:35:59.0986 0992 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
14:35:59.0986 0992 isapnp - ok
14:36:00.0206 0992 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
14:36:00.0216 0992 iScsiPrt - ok
14:36:00.0446 0992 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
14:36:00.0446 0992 kbdclass - ok
14:36:00.0666 0992 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
14:36:00.0676 0992 kbdhid - ok
14:36:00.0896 0992 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
14:36:00.0896 0992 KSecDD - ok
14:36:01.0146 0992 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
14:36:01.0146 0992 KSecPkg - ok
14:36:01.0376 0992 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
14:36:01.0376 0992 ksthunk - ok
14:36:01.0626 0992 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys
14:36:01.0626 0992 L1C - ok
14:36:01.0876 0992 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
14:36:01.0876 0992 lltdio - ok
14:36:02.0156 0992 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
14:36:02.0156 0992 LSI_FC - ok
14:36:02.0407 0992 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
14:36:02.0407 0992 LSI_SAS - ok
14:36:02.0647 0992 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
14:36:02.0647 0992 LSI_SAS2 - ok
14:36:02.0947 0992 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
14:36:02.0947 0992 LSI_SCSI - ok
14:36:03.0167 0992 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
14:36:03.0167 0992 luafv - ok
14:36:03.0397 0992 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
14:36:03.0397 0992 megasas - ok
14:36:03.0617 0992 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
14:36:03.0627 0992 MegaSR - ok
14:36:03.0857 0992 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
14:36:03.0857 0992 MEIx64 - ok
14:36:04.0087 0992 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
14:36:04.0087 0992 Modem - ok
14:36:04.0317 0992 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
14:36:04.0317 0992 monitor - ok
14:36:04.0557 0992 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
14:36:04.0557 0992 mouclass - ok
14:36:04.0787 0992 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
14:36:04.0787 0992 mouhid - ok
14:36:05.0067 0992 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
14:36:05.0067 0992 mountmgr - ok
14:36:05.0307 0992 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
14:36:05.0307 0992 MpFilter - ok
14:36:05.0537 0992 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
14:36:05.0537 0992 mpio - ok
14:36:05.0767 0992 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
14:36:05.0767 0992 MpNWMon - ok
14:36:05.0997 0992 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
14:36:05.0997 0992 mpsdrv - ok
14:36:06.0215 0992 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
14:36:06.0231 0992 MRxDAV - ok
14:36:06.0449 0992 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
14:36:06.0449 0992 mrxsmb - ok
14:36:06.0699 0992 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
14:36:06.0699 0992 mrxsmb10 - ok
14:36:06.0948 0992 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
14:36:06.0948 0992 mrxsmb20 - ok
14:36:07.0182 0992 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
14:36:07.0182 0992 msahci - ok
14:36:07.0401 0992 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
14:36:07.0401 0992 msdsm - ok
14:36:07.0682 0992 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
14:36:07.0682 0992 Msfs - ok
14:36:07.0916 0992 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
14:36:07.0916 0992 mshidkmdf - ok
14:36:08.0134 0992 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
14:36:08.0134 0992 msisadrv - ok
14:36:08.0384 0992 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
14:36:08.0384 0992 MSKSSRV - ok
14:36:08.0633 0992 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
14:36:08.0633 0992 MSPCLOCK - ok
14:36:08.0914 0992 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
14:36:08.0914 0992 MSPQM - ok
14:36:09.0148 0992 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
14:36:09.0148 0992 MsRPC - ok
14:36:09.0382 0992 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
14:36:09.0382 0992 mssmbios - ok
14:36:09.0616 0992 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
14:36:09.0616 0992 MSTEE - ok
14:36:09.0850 0992 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
14:36:09.0850 0992 MTConfig - ok
14:36:10.0068 0992 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
14:36:10.0068 0992 Mup - ok
14:36:10.0318 0992 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
14:36:10.0318 0992 NativeWifiP - ok
14:36:10.0568 0992 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
14:36:10.0599 0992 NDIS - ok
14:36:10.0817 0992 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
14:36:10.0817 0992 NdisCap - ok
14:36:11.0067 0992 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
14:36:11.0082 0992 NdisTapi - ok
14:36:11.0316 0992 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
14:36:11.0316 0992 Ndisuio - ok
14:36:11.0550 0992 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
14:36:11.0550 0992 NdisWan - ok
14:36:11.0816 0992 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
14:36:11.0816 0992 NDProxy - ok
14:36:12.0050 0992 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
14:36:12.0050 0992 NetBIOS - ok
14:36:12.0284 0992 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
14:36:12.0284 0992 NetBT - ok
14:36:12.0549 0992 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
14:36:12.0549 0992 nfrd960 - ok
14:36:12.0783 0992 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
14:36:12.0783 0992 NisDrv - ok
14:36:13.0048 0992 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
14:36:13.0048 0992 Npfs - ok
14:36:13.0282 0992 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
14:36:13.0282 0992 nsiproxy - ok
14:36:13.0563 0992 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
14:36:13.0594 0992 Ntfs - ok
14:36:13.0812 0992 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
14:36:13.0812 0992 Null - ok
14:36:14.0046 0992 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
14:36:14.0062 0992 nvraid - ok
14:36:14.0296 0992 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
14:36:14.0312 0992 nvstor - ok
14:36:14.0530 0992 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
14:36:14.0530 0992 nv_agp - ok
14:36:14.0764 0992 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
14:36:14.0764 0992 ohci1394 - ok
14:36:15.0045 0992 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
14:36:15.0045 0992 Parport - ok
14:36:15.0294 0992 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
14:36:15.0294 0992 partmgr - ok
14:36:15.0513 0992 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
14:36:15.0513 0992 pci - ok
14:36:15.0731 0992 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
14:36:15.0731 0992 pciide - ok
14:36:15.0965 0992 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
14:36:15.0965 0992 pcmcia - ok
14:36:16.0199 0992 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
14:36:16.0199 0992 pcw - ok
14:36:16.0449 0992 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
14:36:16.0464 0992 PEAUTH - ok
14:36:16.0730 0992 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
14:36:16.0730 0992 PGEffect - ok
14:36:17.0010 0992 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
14:36:17.0010 0992 Point64 - ok
14:36:17.0276 0992 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
14:36:17.0276 0992 PptpMiniport - ok
14:36:17.0494 0992 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
14:36:17.0494 0992 Processor - ok
14:36:17.0744 0992 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
14:36:17.0744 0992 Psched - ok
14:36:17.0993 0992 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
14:36:17.0993 0992 QIOMem - ok
14:36:18.0274 0992 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
14:36:18.0290 0992 ql2300 - ok
14:36:18.0524 0992 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
14:36:18.0539 0992 ql40xx - ok
14:36:18.0758 0992 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
14:36:18.0773 0992 QWAVEdrv - ok
14:36:19.0007 0992 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
14:36:19.0007 0992 RasAcd - ok
14:36:19.0241 0992 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
14:36:19.0257 0992 RasAgileVpn - ok
14:36:19.0506 0992 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
14:36:19.0506 0992 Rasl2tp - ok
14:36:19.0756 0992 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
14:36:19.0756 0992 RasPppoe - ok
14:36:19.0990 0992 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
14:36:19.0990 0992 RasSstp - ok
14:36:20.0224 0992 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
14:36:20.0224 0992 rdbss - ok
14:36:20.0442 0992 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
14:36:20.0458 0992 rdpbus - ok
14:36:20.0676 0992 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
14:36:20.0692 0992 RDPCDD - ok
14:36:20.0957 0992 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
14:36:20.0957 0992 RDPENCDD - ok
14:36:21.0191 0992 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
14:36:21.0191 0992 RDPREFMP - ok
14:36:21.0425 0992 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
14:36:21.0425 0992 RDPWD - ok
14:36:21.0675 0992 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
14:36:21.0675 0992 rdyboost - ok
14:36:21.0956 0992 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
14:36:21.0956 0992 rspndr - ok
14:36:22.0190 0992 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
14:36:22.0190 0992 RSUSBSTOR - ok
14:36:22.0439 0992 RSUSBVSTOR (e5dc911d0feb72caff2bbdd6e7c3672f) C:\windows\system32\Drivers\RTSUVSTOR.sys
14:36:22.0455 0992 RSUSBVSTOR - ok
14:36:22.0704 0992 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
14:36:22.0720 0992 RTL8192Ce - ok
14:36:22.0954 0992 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
14:36:22.0954 0992 sbp2port - ok
14:36:23.0204 0992 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
14:36:23.0204 0992 scfilter - ok
14:36:23.0453 0992 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
14:36:23.0453 0992 secdrv - ok
14:36:23.0687 0992 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
14:36:23.0703 0992 Serenum - ok
14:36:23.0937 0992 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
14:36:23.0937 0992 Serial - ok
14:36:24.0186 0992 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
14:36:24.0186 0992 sermouse - ok
14:36:24.0420 0992 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
14:36:24.0420 0992 sffdisk - ok
14:36:24.0639 0992 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
14:36:24.0639 0992 sffp_mmc - ok
14:36:24.0888 0992 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
14:36:24.0904 0992 sffp_sd - ok
14:36:25.0122 0992 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
14:36:25.0138 0992 sfloppy - ok
14:36:25.0356 0992 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
14:36:25.0372 0992 SiSRaid2 - ok
14:36:25.0590 0992 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
14:36:25.0590 0992 SiSRaid4 - ok
14:36:25.0824 0992 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
14:36:25.0824 0992 Smb - ok
14:36:26.0058 0992 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
14:36:26.0074 0992 spldr - ok
14:36:26.0324 0992 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
14:36:26.0339 0992 srv - ok
14:36:26.0558 0992 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
14:36:26.0573 0992 srv2 - ok
14:36:26.0807 0992 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
14:36:26.0807 0992 SrvHsfHDA - ok
14:36:27.0088 0992 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
14:36:27.0119 0992 SrvHsfV92 - ok
14:36:27.0353 0992 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
14:36:27.0369 0992 SrvHsfWinac - ok
14:36:27.0603 0992 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
14:36:27.0603 0992 srvnet - ok
14:36:27.0852 0992 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
14:36:27.0852 0992 stexstor - ok
14:36:28.0102 0992 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
14:36:28.0102 0992 swenum - ok
14:36:28.0383 0992 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
14:36:28.0398 0992 SynTP - ok
14:36:28.0679 0992 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
14:36:28.0695 0992 Tcpip - ok
14:36:28.0976 0992 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
14:36:28.0991 0992 TCPIP6 - ok
14:36:29.0225 0992 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
14:36:29.0225 0992 tcpipreg - ok
14:36:29.0459 0992 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
14:36:29.0459 0992 tdcmdpst - ok
14:36:29.0678 0992 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
14:36:29.0693 0992 TDPIPE - ok
14:36:29.0912 0992 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
14:36:29.0912 0992 TDTCP - ok
14:36:30.0161 0992 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
14:36:30.0161 0992 tdx - ok
14:36:30.0395 0992 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
14:36:30.0395 0992 TermDD - ok
14:36:30.0707 0992 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
14:36:30.0723 0992 tos_sps64 - ok
14:36:30.0988 0992 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
14:36:30.0988 0992 tssecsrv - ok
14:36:31.0238 0992 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
14:36:31.0238 0992 TsUsbFlt - ok
14:36:31.0456 0992 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
14:36:31.0456 0992 TsUsbGD - ok
14:36:31.0706 0992 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
14:36:31.0706 0992 tunnel - ok
14:36:31.0940 0992 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
14:36:31.0955 0992 TVALZ - ok
14:36:32.0158 0992 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
14:36:32.0158 0992 TVALZFL - ok
14:36:32.0392 0992 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
14:36:32.0392 0992 uagp35 - ok
14:36:32.0626 0992 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
14:36:32.0642 0992 udfs - ok
14:36:32.0876 0992 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
14:36:32.0876 0992 uliagpkx - ok
14:36:33.0141 0992 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
14:36:33.0141 0992 umbus - ok
14:36:33.0344 0992 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
14:36:33.0344 0992 UmPass - ok
14:36:33.0624 0992 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
14:36:33.0624 0992 USBAAPL64 - ok
14:36:33.0843 0992 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
14:36:33.0843 0992 usbccgp - ok
14:36:34.0061 0992 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
14:36:34.0061 0992 usbcir - ok
14:36:34.0280 0992 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
14:36:34.0280 0992 usbehci - ok
14:36:34.0514 0992 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
14:36:34.0514 0992 usbhub - ok
14:36:34.0732 0992 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
14:36:34.0748 0992 usbohci - ok
14:36:34.0997 0992 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
14:36:34.0997 0992 usbprint - ok
14:36:35.0231 0992 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
14:36:35.0247 0992 USBSTOR - ok
14:36:35.0465 0992 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
14:36:35.0481 0992 usbuhci - ok
14:36:35.0699 0992 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
14:36:35.0699 0992 usbvideo - ok
14:36:35.0949 0992 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
14:36:35.0949 0992 vdrvroot - ok
14:36:36.0183 0992 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
14:36:36.0183 0992 vga - ok
14:36:36.0401 0992 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
14:36:36.0401 0992 VgaSave - ok
14:36:36.0620 0992 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
14:36:36.0635 0992 vhdmp - ok
14:36:36.0885 0992 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
14:36:36.0885 0992 viaide - ok
14:36:37.0134 0992 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
14:36:37.0134 0992 volmgr - ok
14:36:37.0368 0992 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
14:36:37.0384 0992 volmgrx - ok
14:36:37.0618 0992 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
14:36:37.0634 0992 volsnap - ok
14:36:37.0868 0992 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
14:36:37.0883 0992 vsmraid - ok
14:36:38.0133 0992 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
14:36:38.0133 0992 vwifibus - ok
14:36:38.0382 0992 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
14:36:38.0382 0992 vwififlt - ok
14:36:38.0648 0992 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
14:36:38.0648 0992 WacomPen - ok
14:36:38.0928 0992 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
14:36:38.0944 0992 WANARP - ok
14:36:38.0960 0992 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
14:36:38.0960 0992 Wanarpv6 - ok
14:36:39.0178 0992 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
14:36:39.0178 0992 Wd - ok
14:36:39.0443 0992 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
14:36:39.0459 0992 Wdf01000 - ok
14:36:39.0724 0992 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
14:36:39.0740 0992 WfpLwf - ok
14:36:39.0958 0992 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
14:36:39.0958 0992 WIMMount - ok
14:36:40.0223 0992 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
14:36:40.0223 0992 WinUsb - ok
14:36:40.0457 0992 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
14:36:40.0457 0992 WmiAcpi - ok
14:36:40.0707 0992 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
14:36:40.0707 0992 ws2ifsl - ok
14:36:40.0941 0992 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
14:36:40.0941 0992 WudfPf - ok
14:36:41.0206 0992 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
14:36:41.0222 0992 WUDFRd - ok
14:36:41.0268 0992 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
14:36:41.0331 0992 \Device\Harddisk0\DR0 - ok
14:36:41.0346 0992 Boot (0x1200) (5a8cfa1a10e6e40b76b536fbcfa6a759) \Device\Harddisk0\DR0\Partition0
14:36:41.0346 0992 \Device\Harddisk0\DR0\Partition0 - ok
14:36:41.0346 0992 ============================================================
14:36:41.0346 0992 Scan finished
14:36:41.0346 0992 ============================================================
14:36:41.0378 3428 Detected object count: 0
14:36:41.0378 3428 Actual detected object count: 0
14:37:05.0121 5756 Deinitialize success


ComboFix 12-01-07.03 - Huffman 01/08/2012 17:14:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4227 [GMT -5:00]
Running from: c:\users\Huffman\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\assembly\temp\kwrd.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
.
.
2012-01-08 22:19 . 2012-01-08 22:19 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56D959E2-C1E2-48F5-A519-A345CD9A2C28}\offreg.dll
2012-01-08 22:18 . 2012-01-08 22:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-08 13:42 . 2011-11-21 08:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56D959E2-C1E2-48F5-A519-A345CD9A2C28}\mpengine.dll
2012-01-08 13:35 . 2011-10-04 22:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BED2DF3E-546C-4B0A-A2DA-F7D601F98FF8}\gapaengine.dll
2012-01-07 02:35 . 2012-01-07 02:35 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-01-07 02:35 . 2012-01-07 02:35 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-06 03:08 . 2012-01-06 03:08 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-06 03:08 . 2012-01-06 03:08 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-06 03:08 . 2012-01-06 03:08 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-06 03:08 . 2012-01-06 03:08 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-04 00:00 . 2012-01-04 00:00 -------- d-----w- c:\users\Huffman\AppData\Roaming\Malwarebytes
2012-01-04 00:00 . 2012-01-04 00:00 -------- d-----w- c:\programdata\Malwarebytes
2012-01-04 00:00 . 2012-01-04 00:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-04 00:00 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-31 00:17 . 2011-11-30 07:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBC57E4A-1691-40F7-BAE2-C8D0D6389D25}\mpengine.dll
2011-12-30 00:50 . 2011-12-30 00:50 -------- d-----w- c:\users\Huffman\AppData\Local\Diagnostics
2011-12-15 02:20 . 2012-01-07 03:17 -------- d-----w- c:\program files\Common Files\special2
2011-12-14 07:11 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 07:11 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 07:11 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 07:11 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 07:10 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 07:10 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-10 14:55 . 2011-12-10 14:55 -------- d-----w- c:\program files (x86)\uTorrent
2011-12-10 14:54 . 2011-12-26 14:58 -------- d-----w- c:\users\Huffman\AppData\Roaming\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 13:25 . 2011-08-01 07:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-27 19:16 . 2011-11-27 19:17 485576 ----a-w- c:\users\Huffman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-11-25 17:49 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-07 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 02:16]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 02:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-06-30 562304]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF32478.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Huffman\AppData\Roaming\Mozilla\Firefox\Profiles\hxpmafsd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-01-08 17:23:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-08 22:23
.
Pre-Run: 614,914,375,680 bytes free
Post-Run: 614,889,877,504 bytes free
.
- - End Of File - - 166B7B5808D3D4B65D324D9915CB0235

#7 Bill_

Bill_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 08 January 2012 - 05:39 PM

Also the firewall is still not working, it gets the same error as before.

-Bill

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:21 AM

Posted 08 January 2012 - 05:49 PM

Hello,

MSE is probably picking up Combofix's quarantine or NOrtons or MBAM quarantine.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton or MSE.

If you decide to get rid of Norton please run the following tool:

  • Download the Norton Removal Tool to your desktop.
  • On the Windows desktop, double-click the Norton Removal Tool icon.
  • Follow the on-screen instructions.
    Note:Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts
Norton should now be removed from your PC.


For illustrated instructions please refer to here:
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

The next time MSE finds something Please Note where it is located at and post it here.



Click here to download Kaspersky Virus Removal Tool.
  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose skip if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight of of the items found by using ctrl + a on your keyboard to select all or use your mouse to select all then right click and choose copy.
  • This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 Bill_

Bill_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 08 January 2012 - 10:36 PM

Ok, it found three items. Here is the report:

Status: Detected (events: 3)
1/8/2012 10:10:22 PM Detected Trojan program Backdoor.Win32.ZAccess.aug C:\Windows\assembly\GAC_32\Desktop.ini High
1/8/2012 10:10:22 PM Detected virus HEUR:Backdoor.Win64.Generic C:\Windows\assembly\GAC_64\Desktop.ini High
1/8/2012 10:11:02 PM Detected virus HEUR:Backdoor.Win64.Generic C:\Windows\assembly\temp\U\80000004.@ High


It said disinfection was not possible, so I chose SKIP instead of DELETE.

Thanks,
Bill

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:21 AM

Posted 08 January 2012 - 10:44 PM

1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2.
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 Bill_

Bill_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 09 January 2012 - 11:54 AM

Ok, here they are. Seems to just be a firewall now I guess.


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Huffman :: HUFFMAN-PC [administrator]

1/9/2012 10:46:49 AM
mbam-log-2012-01-09 (10-46-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186534
Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Farbar Service Scanner
Ran by Huffman (administrator) on 09-01-2012 at 11:52:02
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-08-01 02:21] - [2011-03-01 03:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:21 AM

Posted 09 January 2012 - 06:41 PM

Please download and run the following file: http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe

When done you should receive a message that the BFE service was added successfully and is running OK.


BACKUP THE REGISTRY
---------------------------
Backup Your Registry with ERUNT
  • Please download Erunt
  • Run the setup program to install ERUNT on your computer
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe


We Need to Run a Registry Script

  • Press the Windows Logo in the lower left corner of your screen.
  • In the Posted Image box, enter notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into notepad.
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mpssvc]
    "DisplayName"="@%SystemRoot%\system32\FirewallAPI.dll,-23090"
    "Group"="NetworkProvider"
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
      74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
      6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
      00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
    "Description"="@%SystemRoot%\system32\FirewallAPI.dll,-23091"
    "ObjectName"="NT Authority\LocalService"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000002
    "Type"=dword:00000020
    "DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,\
      65,00,00,00,00,00
    "ServiceSidType"=dword:00000003
    "RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
      00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
      72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,\
      00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
      00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,\
      00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
      53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,\
      00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
      65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,\
      00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,\
      6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,\
      00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
      00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mpssvc\Parameters]
    "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
      00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
    "ServiceDllUnloadOnStop"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mpssvc\Parameters\PortKeywords]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mpssvc\Security]
    "Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,\
      00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
      00,00,02,00,84,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
      05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
      20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
      00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,\
      00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,\
      0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
      00,00,00,05,12,00,00,00
    
    
  • Select File -> Save.
  • Press the Desktop button on the left side of the save dialog.
  • In the Posted Image box, type in Fix.reg.
  • Press Posted Image.
  • Close Notepad.
  • Double click Posted Image on your desktop.
  • Press Yes if prompted by User Account Control.
  • Press Yes, and then Ok, when prompted.
  • Right click on Posted Image and choose Delete.
  • Press Yes.

After all this, restart the computer and see if the firewall works. If not, post me a new FSS log.
[/quote]

Edited by fireman4it, 09 January 2012 - 06:45 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 Bill_

Bill_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 09 January 2012 - 08:31 PM

RestoreBFE says "Error - this tool does not apply to you." Not sure if I should proceed with the other steps or not.

=Bill

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:21 AM

Posted 09 January 2012 - 11:33 PM

Hello,

Skip it for now and try this instead.

Download both the registry files

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

Launch and import them to registry

Restart your PC

Now,open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now,open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service
[/quote]


Firewall working now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 Bill_

Bill_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 10 January 2012 - 07:01 AM

Ok, I got to the point of starting the BFE service after changing the permissions. The only choices were STOP or RESTART. I picked restart, but it said it couldn't restart due to error 1051, it can't stop because other services are dependent on this one. But I checked the firewall at that point, and it did turn on and seems to be working now.

-Bill




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users