divinetiger

Honorary Members; Posts: 27; Reputation: 0 Neutral
  1. QuickScan Beta 32-bit v0.9.9.96
     -------------------------------
     Scan date: Mon Jun 27 21:08:55 2011
     Machine ID: B0344BB5
     No infection found.
     -------------------

     Processes
     ---------
     Adobe Reader and Acrobat Manager 4084 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     ConfigFree 3536 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
     ConfigFree 3000 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
     HD Audio Control Panel 2252 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
     Intel® Common User Interface 2220 C:\Windows\System32\hkcmd.exe
     Intel® Common User Interface 3460 C:\Windows\System32\igfxext.exe
     Intel® Common User Interface 2228 C:\Windows\System32\igfxpers.exe
     Intel® Common User Interface 2372 C:\Windows\System32\igfxsrvc.exe
     Intel® Common User Interface 2212 C:\Windows\System32\igfxtray.exe
     Microsoft® Windows® Operating System 1732 C:\Windows\explorer.exe
     Microsoft® Windows® Operating System 2892 C:\Windows\System32\taskeng.exe
     Synaptics Pointing Device Driver 2272 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     TOSHIBA Flash Cards 3488 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
     TOSHIBA HDD SSD Alert 6108 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
     TOSHIBA Service Station 3504 C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
     TOSHIBA Zooming Utility 3472 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
     Windows® Internet Explorer 592 C:\Program Files\Internet Explorer\iexplore.exe
     Windows® Internet Explorer 4172 C:\Program Files\Internet Explorer\iexplore.exe
     (verified) GoogleToolbarNotifier 1672 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     (verified) Microsoft® Windows® Operating System 1720 C:\Windows\System32\dwm.exe
     (verified) Microsoft® Windows® Operating System 1744 C:\Windows\System32\taskhost.exe

     Network activity
     ----------------
     Process iexplore.exe (4172) connected on port 80 (HTTP) --> 69.147.86.184
     Process iexplore.exe (4172) connected on port 80 (HTTP) --> 63.110.246.9
     Process iexplore.exe (4172) connected on port 80 (HTTP) --> 63.110.246.43
     Process iexplore.exe (4172) connected on port 80 (HTTP) --> 74.125.224.162
     Process iexplore.exe (4172) connected on port 80 (HTTP) --> 69.171.224.13
     Process iexplore.exe (4172) connected on port 80 (HTTP) --> 63.110.246.9
     Process iexplore.exe (4172) connected on port 80 (HTTP) --> 66.235.142.24

     Autoruns and critical files
     ---------------------------
     HWSetup C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
     Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
     Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     HD Audio Control Panel C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
     Intel® Common User Interface C:\Windows\System32\hkcmd.exe
     Intel® Common User Interface C:\windows\system32\igfxdev.dll
     Intel® Common User Interface C:\Windows\System32\igfxpers.exe
     Intel® Common User Interface C:\Windows\System32\igfxtray.exe
     KeNotify Application C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
     Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     MyToshiba C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe
     QuickTime C:\Program Files\QuickTime\QTTask.exe
     SVPWUTIL Application C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe
     Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     TOSHIBA Flash Cards C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
     TOSHIBA HDD SSD Alert C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
     Toshiba Online Backup C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
     TOSHIBA Power Saver C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
     TOSHIBA Service Station C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
     TOSHIBA Zooming Utility C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
     Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     Windows® Internet Explorer c:\windows\system32\webcheck.dll
     (verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

     Browser plugins
     ---------------
     AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
     BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
     Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
     Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
     GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
     Java Platform SE 6 U14 C:\Program Files\Java\jre6\bin\jp2ssv.dll
     Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
     Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
     Symantec Intrusion Detection C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL
     Windows Live Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
     Windows® Internet Explorer C:\windows\system32\IEFRAME.dll
     (verified) Microsoft® Windows® Operating System C:\windows\system32\mswsock.dll
     (verified) Microsoft® Windows® Operating System C:\windows\system32\napinsp.dll
     (verified) Microsoft® Windows® Operating System C:\windows\system32\NLAapi.dll
     (verified) Microsoft® Windows® Operating System C:\windows\system32\pnrpnsp.dll
     (verified) Microsoft® Windows® Operating System C:\windows\System32\winrnr.dll

     Scan
     ----
     MD5: 12673bcf7b32087df63f0cff550ea40b C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
     MD5: c3104be7d2b689ebe47e2aac64c07530 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     MD5: 203a74767eb81f96a5166b1933db46d0 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     MD5: bad6bea0de1f69c82bdb74378ce0c20a C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     MD5: 6bf01e200063d7274f3af06d226671f5 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     MD5: da579734b4375740efee86ffdfed57a7 C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL
     MD5: 9d4a1690af93f233e15380398bec7431 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
     MD5: 0a70f4022ec2e14c159efc4f69aa2477 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     MD5: 5461f01b7def17dc90d90b029f874c3b C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
     MD5: 17fcc372d03ba39f3aee85198c0ec594 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
     MD5: 45fd64f0c2b5fd2856e453d87d1cd2ca C:\Program Files\ESET\ESET Online Scanner\OnlineScanner.ocx
     MD5: 085940dbb5db03b0c60774d193a3b48d C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
     MD5: b226054bfa3d3a1920f7b95e54f3e87d C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
     MD5: bd43a986fa0dc0cbf672638a8de444db C:\Program Files\Internet Explorer\ieproxy.dll
     MD5: 64efaf916c4009f1b84153d0bb491fb0 C:\Program Files\Internet Explorer\iexplore.exe
     MD5: 4da979e6a3269922a16d4653aef26d7f C:\Program Files\Internet Explorer\plugins\nppdf32.dll
     MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
     MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
     MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
     MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
     MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
     MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
     MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
     MD5: 192e39c717013a0bd532b33ac29d6e7d C:\Program Files\Java\jre6\bin\jp2ssv.dll
     MD5: 2487c45b64790fc210547919f18fac71 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     MD5: 545f106781b7ab23651e77c8e5e104c9 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
     MD5: ec60491a5ff57700f10fe0403f7dcad4 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     MD5: 74ca33b3daac6c4f1de9df67ff61b9ec c:\Program Files\Microsoft Silverlight\4.0.60531.0\agcore.dll
     MD5: c3e42cbf8215171a524d123a54ae3233 c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
     MD5: db7951146ca1e218e1d3bcff115848a3 C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccIPC.dll
     MD5: 7a03683fdec05543a5cf7aa968129a1f C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccL100U.dll
     MD5: 6fee15b53d624e06d86759258e1f6a9c C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSet.dll
     MD5: e78a365cc3e0fbfc018a33dce01909f8 C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
     MD5: abff5f1e970dbc68e2cae682378dc717 C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccVrTrst.dll
     MD5: 177364f26f682529220af4906131dc2a C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\EFACli.dll
     MD5: 21215b293e3af3126d313b2be33723ca C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL
     MD5: f19b57aac14afdc17ce9385e93d0c35d C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\NavShExt.dll
     MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\QTTask.exe
     MD5: 967dcd9f36aaea34fe859c9b82e6a4b9 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
     MD5: 778b2333591e9d28063d491456da18be C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     MD5: c44d560e441f091ea3b72f778ec60de2 C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
     MD5: 1f8a319d29394f9ce1b7ae020df2ebbf C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
     MD5: 2b2c711d49e745113fa682d72a3efa8f C:\Program Files\Toshiba\ConfigFree\CFNotify.dll
     MD5: cab0eeaf5295fc96ddd3e19dce27e131 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     MD5: 8a07221789d46b2ea7dfca2bc807572a C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
     MD5: 995dfc3b647849e31942e13fa2017b11 C:\Program Files\TOSHIBA\ConfigFree\CFWLAPI.dll
     MD5: c7f070bdd9700bd4a482401334d3488e C:\Program Files\TOSHIBA\ConfigFree\NDSAPI.dll
     MD5: 15936a348676d246a41a4781e6a34692 C:\Program Files\TOSHIBA\ConfigFree\NDSMUI.dll
     MD5: adb67488447d0ff271355a4451ed6c73 C:\Program Files\TOSHIBA\ConfigFree\NDSParts.dll
     MD5: 9d77e8a2ee92e9dafac88defcf6d777d C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
     MD5: 4b0277f08085fb78113fc157dbf2d596 C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
     MD5: c6a0c54abd119b5f3c52630f08be6040 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnEsc.dll
     MD5: 81ca32efcf10c09b9e8b0387f9479074 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF1.dll
     MD5: 0803424c3751b2f96df8e270e7157bf1 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF3.dll
     MD5: 08415dc2e0df45d52a0436587adb64ca C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF4.dll
     MD5: 3010b6f95bb33f44eecf1601ab28fab6 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF5.dll
     MD5: 05b9079a6663e3c6859e5515145c4951 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF67.dll
     MD5: 348643bed4f3b17b7199b15392f14974 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF8Dll.dll
     MD5: 71e22e0be06a21070af772c7b499cfbe C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF9.dll
     MD5: f52beec973908e99f5b9ff30c8f0800e C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnSpace.dll
     MD5: 655dc8c88a87c587ec2f0a4f8990adc9 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
     MD5: 31affaa5c75fdcd3e646ca571367f902 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
     MD5: 815cbbbac9f4d44081955abbc9544930 C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe
     MD5: 43804516e0a84bede6a430869f48cda5 C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
     MD5: 3d3782ac3e1260aac90139bda4b28a4b C:\Program Files\TOSHIBA\Power Saver\TFunc2.DLL
     MD5: 803051e1a6f884d9842c078aa09bdff7 C:\Program Files\TOSHIBA\Power Saver\TFunctab.DLL
     MD5: 451b09ba1a0d019ba0b5a27229559d55 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
     MD5: db0e503edf7c9030731070db5eda0cea C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
     MD5: 970655fc35afce065761c0e49adcd69e C:\Program Files\TOSHIBA\SmoothView\NotifyTZU.dll
     MD5: a11f5ee731cd48f3dc509e2d180e1af0 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
     MD5: 5c651246cd24095952f976a754c6b110 C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
     MD5: faaaf481cc851ce9a1a35d53bd8163db C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
     MD5: 2c8b811e17b0c72a7ffd5b8cbdcc9535 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
     MD5: 19078af6c597283c207d600d0467ffa0 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
     MD5: 67c1da40d78c92622081a3e780c926b2 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
     MD5: a9bc134691e76eb00f0739046d433447 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
     MD5: 8c56e9074f2586411a850738edc865b7 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll
     MD5: d56efa2023bf17d457f9acdad5f14689 C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
     MD5: a462c5624734ffd14921c8ea8c943952 C:\Program Files\TOSHIBA\TOSHIBA Service Station\FilterLib.dll
     MD5: c6125209b096f69fe2051d42aa5e84af C:\Program Files\TOSHIBA\TOSHIBA Service Station\Interop.TosNcCom.dll
     MD5: fbf533340c1e1928882a3808f5747732 C:\Program Files\TOSHIBA\TOSHIBA Service Station\libTMachInfo.dll
     MD5: a946a10be2dd0cb1ba9dba2bf6b8bf28 C:\Program Files\TOSHIBA\TOSHIBA Service Station\PluginLib.dll
     MD5: f0c64ac731a59439c76718f80bf25786 C:\Program Files\TOSHIBA\TOSHIBA Service Station\Plugins\Alerts.dll
     MD5: 1ee738ec1dad2ca2e9c13a9199f1c2d7 C:\Program Files\TOSHIBA\TOSHIBA Service Station\Plugins\PCHealthInfo.dll
     MD5: d3b098143e675cdc617671bc0aa2224f C:\Program Files\TOSHIBA\TOSHIBA Service Station\Plugins\SwUpdates.dll
     MD5: 83e91963c4452be6899503cf9ebfd3ed C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
     MD5: b810b8c3ea2658054c931b5713d7c206 C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
     MD5: 5f91764211d1517c15c9d2c4ed665a09 C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
     MD5: c5b2679b0ae204fdd0415199b7afef20 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
     MD5: eb19e5ce71b9410fa81e3672af2f8146 C:\Program Files\TOSHIBA\Utilities\NotifyX.dll
     MD5: e579644a3f6196bdd8d1b00ec12fc7e6 C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe
     MD5: 8cda1de44af2a3ac81462a02d0fc228a C:\Program Files\Windows Live\Messenger\msgsc.dll
     MD5: 6f0dab13529bcb7c0f8a3082a8b1cde9 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     MD5: ac421a44de902f2627f1e63793ed89cd C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
     MD5: cc9e4d197143738bd868282e76ff6731 C:\Program Files\Windows Live\Shared\WLDCore.dll
     MD5: 77fbd400984cf72ba0fc4b3489d65f74 C:\Program Files\Windows Media Player\wmpnetwk.exe
     MD5: ad73b4cd214de82d003fdadbaeab6410 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys
     MD5: c15fcea5c150314489698b2571a5190d C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSvix86.sys
     MD5: c15fcea5c150314489698b2571a5190d C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110625.050\IDSvix86.sys
     MD5: e170dbbe40f08b084fe5bb308e4f1745 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110625.050\Scxpx86.dll
     MD5: 920d9701bba90dbb7ccfd3536ea4d6f9 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110627.019\NAVENG.SYS
     MD5: 31b1a9b53c3319b97f7874347cd992d2 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110627.019\NAVEX15.SYS
     MD5: 1661939dfef9495751601fc1a5a946d4 C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ebdaeaeb9f66c9035b5f11431f10cda4\mscorlib.ni.dll
     MD5: a176025ac7f5b4568150dc1080de1d39 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9d054fc9618b81d5703af1662cd11135\System.Configuration.ni.dll
     MD5: 7af45d5b01250c785be964ca67c60367 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2a34e74599686e7383ae90670a994cdf\System.Drawing.ni.dll
     MD5: e2782d5dbfc90634604e6f77df0fc496 C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b6d66d3c48e430796c17d0497ce37972\System.ServiceProcess.ni.dll
     MD5: 597da8d1596810eacc54a64d43a264ee C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4ea95056046fdf87f06ae807308b627\System.Windows.Forms.ni.dll
     MD5: 1d44211c58d1178eb66518c18622958d C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\167c8c3817ba1f48fe7396cc56f557e3\System.Xml.ni.dll
     MD5: 30ce301c8f874c45e857d0dace1e8eb8 C:\windows\assembly\NativeImages_v2.0.50727_32\System\50c67f851ae3df2d0ab7d86fd1c5c7e0\System.ni.dll
     MD5: 23dc75d158d484177ffe99e23264f89f C:\Windows\Downloaded Program Files\qsax.dll
     MD5: 1697c39978cd69f6fbc15302edcece1f C:\windows\ehome\ehRecvr.exe
     MD5: 2af58d15edc06ec6fdacce1f19482bbf C:\Windows\explorer.exe
     MD5: c12c6b2201af4e116ba10089ea5e2bd7 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
     MD5: c5b62807c0fd81ac1ed419faea666993 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
     MD5: fabfc817547eabb19b74849cef410622 C:\windows\system32\authui.dll
     MD5: 53831de9162c6c2378574b59eb786bf1 C:\windows\system32\corpol.dll
     MD5: b8473011f59a6aa2b35e84aa19d707cf C:\windows\system32\d3d10_1.dll
     MD5: 029e2a480ce2020df097e535a2311712 C:\windows\system32\d3d10_1core.dll
     MD5: 7fb5696ebcb8131ad2e2defe5f19c4b5 C:\windows\System32\davclnt.dll
     MD5: 62390f4ace9e2b63e3ca26b7f7497897 C:\windows\system32\dnsapi.DLL
     MD5: b15be77a2bacf9c3177d27518afe26a9 C:\windows\System32\dnsrslvr.dll
     MD5: 0db7a48388d54d154ebec120461a0fcd C:\windows\system32\drivers\afd.sys
     MD5: 19ce906b4cdc11fc4fef5745f33a63b6 C:\windows\system32\drivers\amdsata.sys
     MD5: 869e67d66be326a5a9159fba8746fa70 C:\windows\system32\drivers\amdxata.sys
     MD5: 9a5c671b7fbae4865149bb11f59b91b2 C:\windows\system32\DRIVERS\bowser.sys
     MD5: 83d1ecea8faae75604c0fa49ac7ad996 C:\windows\System32\Drivers\dfsc.sys
     MD5: 1679a4669326cb1a67cc95658d273234 C:\windows\System32\drivers\dxgkrnl.sys
     MD5: 71f1a494fedf4b33c02c4a6a28d6d9e9 C:\windows\system32\drivers\iaStorV.sys
     MD5: 8828710129b835fd59e8be6615eb3786 C:\windows\system32\DRIVERS\igdkmd32.sys
     MD5: 6e3d3816749e107883eec5734ce44493 C:\windows\system32\DRIVERS\LPCFilter.sys
     MD5: ca7570e42522e24324a12161db14ec02 C:\windows\system32\DRIVERS\mrxsmb.sys
     MD5: c108952d3660375dcb716b222912e868 C:\windows\system32\DRIVERS\mrxsmb10.sys
     MD5: 25c38264a3c72594dd21d355d70d7a5d C:\windows\system32\DRIVERS\mrxsmb20.sys
     MD5: a73399804d5d4a8b20ba60fcf70c9f1f C:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS
     MD5: 83726cf02eced69138948083e06b6eac C:\windows\system32\drivers\NAV\1206000.01D\SRTSP.SYS
     MD5: 4e7eab2e5615d39cf1f1df9c71e5e225 C:\windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS
     MD5: 9bbeb8c6258e72d62e7560e6667aad39 C:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS
     MD5: d5c02629c02a820a7e71bca3d44294a3 C:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS
     MD5: cc71cf163de8b62ccd077e20e909c960 C:\windows\system32\drivers\NAV\1206000.01D\SYMNETS.SYS
     MD5: f1b0bed906f97e16f6d0c3629d2f21c6 C:\windows\system32\drivers\nvraid.sys
     MD5: 4520b63899e867f354ee012d34e11536 C:\windows\system32\drivers\nvstor.sys
     MD5: 26a9d6227d12b9d9da5a81bb9b55d810 C:\windows\system32\DRIVERS\Rt86win7.sys
     MD5: e4a2e810cb2607c9c159c0dfb0bd4c88 C:\windows\system32\drivers\RTKVHDA.sys
     MD5: 55a367c663e505c92c82560a99685ce2 C:\windows\system32\DRIVERS\RTL8187B.sys
     MD5: 07f66ca7db9608806ca2ef1970daba58 C:\windows\System32\Drivers\RtsUStor.sys
     MD5: c4a027b8c0bd3fc0699f41fa5e9e0c87 C:\windows\System32\DRIVERS\srv.sys
     MD5: 414bb592cad8a79649d01f9d94318fb3 C:\windows\System32\DRIVERS\srv2.sys
     MD5: ff207d67700aa18242aaf985d3e7d8f4 C:\windows\System32\DRIVERS\srvnet.sys
     MD5: ab33c3b196197ca467cbdda717860dba C:\windows\system32\Drivers\SYMEVENT.SYS
     MD5: 8bd10dc8809dc69a1c5a795cb10add76 C:\windows\system32\DRIVERS\SynTP.sys
     MD5: 0158d5e9982e9d6a90dfc802f618e130 C:\windows\System32\drivers\tcpip.sys
     MD5: 4084ea00d50c858d6f9038f86ae2e2d0 C:\windows\system32\DRIVERS\tdcmdpst.sys
     MD5: 969377943fe7284609babbab4e06b93c C:\windows\system32\DRIVERS\tos_sps32.sys
     MD5: fc24015b4052600c324c43e3a79c0664 C:\windows\system32\DRIVERS\TVALZ_O.SYS
     MD5: c31ae588e403042632dc796cf09e30b0 C:\windows\system32\drivers\usbccgp.sys
     MD5: e4c436d914768ce965d5e659ba7eebd8 C:\windows\system32\DRIVERS\usbehci.sys
     MD5: bdcd7156ec37448f08633fd899823620 C:\windows\system32\DRIVERS\usbhub.sys
     MD5: eb2d819a639015253c871cda09d91d58 C:\windows\system32\drivers\usbohci.sys
     MD5: 1c4287739a93594e57e2a9e6a3ed7353 C:\windows\system32\drivers\USBSTOR.SYS
     MD5: 22480bf4e5a09192e5e30ba4dde79fa4 C:\windows\system32\DRIVERS\usbuhci.sys
     MD5: 60cc965a89e2072ebd26d63d5e1e1d18 C:\windows\system32\dwmcore.dll
     MD5: 8898c95862d03d16b2a06db4db6bb6b2 C:\windows\system32\explorerframe.dll
     MD5: 7fe4995528a7529a761875151ee3d512 C:\windows\system32\FntCache.dll
     MD5: 9d91aca2304e034cb6b85e34feb36aae C:\Windows\System32\hccutils.DLL
     MD5: eb7e08304b07899b30b80f41d88179b6 C:\Windows\System32\hkcmd.exe
     MD5: 0c7b28decceb403b8853f52664f26e9b C:\windows\system32\IEFRAME.dll
     MD5: 438147dae79299a5a9240219942b4439 C:\Windows\System32\iepeers.dll
     MD5: 570c6b12e7bd623a85ea1f01c75c346a C:\windows\system32\iertutil.dll
     MD5: f88391450bfdd2c789bd98ff54f51745 C:\windows\system32\IEUI.dll
     MD5: 84c123c5e81fa3bd183f94847410c1a3 C:\windows\system32\igd10umd32.dll
     MD5: bd544c2a4f4a3717a6289d5803c1de8b C:\windows\system32\igdumd32.dll
     MD5: f0ed889f9c684b0763b3c8ab5ba113e1 C:\windows\system32\igdumdx32.dll
     MD5: 8b05e9fd64e217c1e9f8ec89d46688b0 C:\windows\system32\igfxdev.dll
     MD5: 964858b018aa96fbed2a1929dd2e27cd C:\windows\system32\igfxexps.dll
     MD5: a1af9531cd6d7dac2fed6c098174debc C:\Windows\System32\igfxext.exe
     MD5: 7b50f8d7db34cc25ca899a194876dae8 C:\Windows\System32\igfxpers.exe
     MD5: 17a3ac366168ada4fd9091e0450846da C:\windows\system32\igfxrENU.lrc
     MD5: 57a905d15e8f553400ab5c440fec78fc C:\Windows\System32\igfxress.dll
     MD5: 2c78eaea857230eb475a3c6dc5f73fbd C:\windows\system32\igfxsrvc.dll
     MD5: 9f570c660a1fcf7281d233905f88190d C:\Windows\System32\igfxsrvc.exe
     MD5: 678f77b6e07b5dc5e1ce58ec74a8c037 C:\Windows\System32\igfxtray.exe
     MD5: c6595b078842e187c6587a285b43a565 C:\windows\system32\INETCOMM.DLL
     MD5: 0bd0665d8bfd321d3b5a898ed09d1df3 C:\windows\system32\jscript.dll
     MD5: efbef826c183cf8edab324ce514d69b7 C:\windows\system32\Macromed\Flash\Flash10t.ocx
     MD5: 3a2c4d7ffbb0101cad4fd5de0705757a C:\windows\system32\msfeeds.dll
     MD5: 1816d4cf1a7cbb72298ab120059226d4 C:\Windows\System32\mshtml.dll
     MD5: 4a1b9779c5d580745b63feacc3b4332f C:\windows\system32\MSRATING.dll
     MD5: bd669749eaeff96773b5f8d0a43e0068 C:\windows\System32\msxml3.dll
     MD5: 5f856156f709df40b42d36ae8a0f0695 C:\windows\System32\msxml6.dll
     MD5: 3bbf9937cc8c58e8b418b01bddb8d43b C:\windows\SYSTEM32\ntdll.dll
     MD5: e2c2d8c982316c8abf800c6ce3f28fab C:\windows\system32\ole32.dll
     MD5: 06333b8d05d4f3a2af25eb14fc0a1dff C:\windows\system32\OLEAUT32.dll
     MD5: 2862a3819bbc9757dd27bac41a4e0a3e C:\windows\System32\pnidui.dll
     MD5: 21cf5c7d8d727dcc337a1d251b6135f4 C:\windows\system32\schannel.DLL
     MD5: df1e5c82e4d09cf8105cc644980c4803 C:\windows\system32\schedsvc.dll
     MD5: d1bb750eb51694de183e08b9c33be5b2 C:\windows\System32\spoolsv.exe
     MD5: 4c287f9069fedbd791178876ee9de536 C:\windows\system32\sppsvc.exe
     MD5: 8f6bf790d3168224c16f2af68a84438c C:\windows\System32\srvsvc.dll
     MD5: 8d908f346eedd752005a32787a6dcafa C:\windows\System32\StructuredQuery.dll
     MD5: 8c7fe6b9559204765849bff308764fa5 C:\windows\System32\SyncCenter.dll
     MD5: bb9501ffb0223cf0c83a16a1cb7516d4 C:\windows\system32\SynCOM.dll
     MD5: d7688ea8637f2e908259cbd5835b1571 C:\windows\system32\SynTPAPI.dll
     MD5: 04105c8da62353589c29bdaeb8d88bd8 C:\windows\system32\sysmain.dll
     MD5: f8952e80b7f778da2f7aa8393ca2d30e C:\Windows\System32\taskeng.exe
     MD5: 21012407e8c74aa72bbb485b0fc197fe C:\Windows\system32\taskschd.dll
     MD5: e1ef320cbb1a6623df040d5539dda8f4 C:\Windows\system32\TaskSchdPS.dll
     MD5: fe65d33b7d4ff07dd1d29526a48df810 C:\Windows\system32\TODDSrv.exe
     MD5: ca4d146eac05ec4ba5fc4936f3369627 C:\windows\system32\urlmon.dll
     MD5: 509b666bf56d469c641df55652c76168 C:\Windows\system32\vbscript.dll
     MD5: 7790b77fe1e5ee47dcc66247095bb4c9 C:\windows\system32\wbengine.exe
     MD5: 6d9b75275c3e3a5f51aef81affadb2b6 C:\windows\System32\wcncsvc.dll
     MD5: 177df28315bf4300ecb5cbeeee961292 c:\windows\system32\webcheck.dll
     MD5: bb5ec38f8d4600119b4720bc5d4211f1 C:\windows\System32\webclnt.dll
     MD5: 9a6dedbe309aa0ce2c31ee6799b38e4f C:\windows\System32\werconcpl.dll
     MD5: cc9bbcfc715fbedf7ae476106fe653e9 C:\windows\System32\winhttp.dll
     MD5: 27cdaf355cce3762c7f13719e814418b C:\windows\system32\WININET.dll
     MD5: 374b26395852a9092bde2e4c8d4d0c8d C:\windows\System32\WSCAPI.dll
     MD5: a661a76333057b383a06e65f0073222f C:\windows\system32\wscsvc.dll
     MD5: 7fd5532c142db6c9cc47aa4dcf71fdec C:\windows\System32\wscui.cpl
     MD5: a33408cc036f9c08142b11be5e93f0a1 C:\windows\system32\wuaueng.dll
     MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
     MD5: c9564cf4976e7e96b4052737aa2492b4 C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
     MD5: 1f5afd468eb5e09e9ed75a087529eab5 C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
     MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
     MD5: 28a09777d2d952122567a8a82f1a2c7b C:\windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
     MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
     MD5: cdbe9690cf2b8409facad94fac9479c9 C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
     MD5: d3ead1cf16ba729a7f7c9a5d94aa7c05 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\COMCTL32.dll
     MD5: 4b8dd8541c0e26602005dd0137333615 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
     No file uploaded.

     Scan finished - communication took 2 sec
     Total traffic - 0.02 MB sent, 0.75 KB recvd
     Scanned 787 files and modules - 25 seconds
     ==============================================================================
  2. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK
  3. 2011/06/26 23:45:21.0278 5932 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
     2011/06/26 23:45:21.0808 5932 ================================================================================
     2011/06/26 23:45:21.0808 5932 SystemInfo:
     2011/06/26 23:45:21.0808 5932
     2011/06/26 23:45:21.0808 5932 OS Version: 6.1.7600 ServicePack: 0.0
     2011/06/26 23:45:21.0808 5932 Product type: Workstation
     2011/06/26 23:45:21.0808 5932 ComputerName: JOE-PC
     2011/06/26 23:45:21.0808 5932 UserName: Joe
     2011/06/26 23:45:21.0808 5932 Windows directory: C:\windows
     2011/06/26 23:45:21.0808 5932 System windows directory: C:\windows
     2011/06/26 23:45:21.0808 5932 Processor architecture: Intel x86
     2011/06/26 23:45:21.0808 5932 Number of processors: 1
     2011/06/26 23:45:21.0808 5932 Page size: 0x1000
     2011/06/26 23:45:21.0808 5932 Boot type: Normal boot
     2011/06/26 23:45:21.0808 5932 ================================================================================
     2011/06/26 23:45:22.0261 5932 Initialize success
     2011/06/26 23:46:08.0218 4156 ================================================================================
     2011/06/26 23:46:08.0218 4156 Scan started
     2011/06/26 23:46:08.0218 4156 Mode: Manual;
     2011/06/26 23:46:08.0218 4156 ================================================================================
     2011/06/26 23:46:09.0201 4156 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
     2011/06/26 23:46:09.0404 4156 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
     2011/06/26 23:46:09.0591 4156 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
     2011/06/26 23:46:09.0856 4156 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
     2011/06/26 23:46:10.0028 4156 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
     2011/06/26 23:46:10.0231 4156 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
     2011/06/26 23:46:10.0418 4156 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
     2011/06/26 23:46:10.0590 4156 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\windows\system32\DRIVERS\AGRSM.sys
     2011/06/26 23:46:10.0761 4156 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
     2011/06/26 23:46:10.0886 4156 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
     2011/06/26 23:46:11.0104 4156 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
     2011/06/26 23:46:11.0229 4156 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
     2011/06/26 23:46:11.0385 4156 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
     2011/06/26 23:46:11.0526 4156 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
     2011/06/26 23:46:11.0666 4156 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
     2011/06/26 23:46:11.0822 4156 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
     2011/06/26 23:46:11.0962 4156 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
     2011/06/26 23:46:12.0103 4156 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
     2011/06/26 23:46:12.0306 4156 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
     2011/06/26 23:46:12.0618 4156 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
     2011/06/26 23:46:12.0805 4156 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
     2011/06/26 23:46:13.0039 4156 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
     2011/06/26 23:46:13.0179 4156 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
     2011/06/26 23:46:13.0413 4156 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
     2011/06/26 23:46:13.0569 4156 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
     2011/06/26 23:46:13.0803 4156 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
     2011/06/26 23:46:14.0193 4156 BHDrvx86 (ad73b4cd214de82d003fdadbaeab6410) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys
     2011/06/26 23:46:14.0349 4156 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
     2011/06/26 23:46:14.0505 4156 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
     2011/06/26 23:46:14.0630 4156 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
     2011/06/26 23:46:14.0895 4156 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
     2011/06/26 23:46:15.0067 4156 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
     2011/06/26 23:46:15.0238 4156 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
     2011/06/26 23:46:15.0394 4156 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
     2011/06/26 23:46:15.0566 4156 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
     2011/06/26 23:46:15.0753 4156 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
     2011/06/26 23:46:16.0050 4156 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
     2011/06/26 23:46:16.0174 4156 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
     2011/06/26 23:46:16.0346 4156 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
     2011/06/26 23:46:16.0502 4156 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
     2011/06/26 23:46:16.0752 4156 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
     2011/06/26 23:46:16.0954 4156 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
     2011/06/26 23:46:17.0079 4156 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
     2011/06/26 23:46:17.0220 4156 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
     2011/06/26 23:46:17.0376 4156 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
     2011/06/26 23:46:17.0547 4156 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
     2011/06/26 23:46:17.0766 4156 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
     2011/06/26 23:46:17.0968 4156 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
     2011/06/26 23:46:18.0109 4156 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
     2011/06/26 23:46:18.0358 4156 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
     2011/06/26 23:46:18.0561 4156 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
     2011/06/26 23:46:18.0998 4156 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
     2011/06/26 23:46:19.0201 4156 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
     2011/06/26 23:46:19.0404 4156 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
     2011/06/26 23:46:19.0669 4156 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
     2011/06/26 23:46:19.0903 4156 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
     2011/06/26 23:46:20.0152 4156 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
     2011/06/26 23:46:20.0293 4156 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
     2011/06/26 23:46:20.0449 4156 fdc
(e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys 2011/06/26 23:46:20.0620 4156 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys 2011/06/26 23:46:20.0792 4156 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys 2011/06/26 23:46:20.0932 4156 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys 2011/06/26 23:46:21.0057 4156 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys 2011/06/26 23:46:21.0432 4156 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys 2011/06/26 23:46:21.0572 4156 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys 2011/06/26 23:46:21.0728 4156 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys 2011/06/26 23:46:21.0853 4156 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys 2011/06/26 23:46:22.0134 4156 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys 2011/06/26 23:46:22.0305 4156 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys 2011/06/26 23:46:22.0477 4156 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys 2011/06/26 23:46:22.0602 4156 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys 2011/06/26 23:46:22.0758 4156 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys 2011/06/26 23:46:22.0960 4156 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys 2011/06/26 23:46:23.0194 4156 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys 2011/06/26 23:46:23.0413 4156 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys 2011/06/26 23:46:23.0647 4156 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys 
2011/06/26 23:46:23.0787 4156 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys 2011/06/26 23:46:24.0021 4156 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys 2011/06/26 23:46:24.0177 4156 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys 2011/06/26 23:46:24.0318 4156 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys 2011/06/26 23:46:24.0676 4156 IDSVix86 (c15fcea5c150314489698b2571a5190d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSvix86.sys 2011/06/26 23:46:25.0285 4156 igfx (8828710129b835fd59e8be6615eb3786) C:\windows\system32\DRIVERS\igdkmd32.sys 2011/06/26 23:46:25.0534 4156 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys 2011/06/26 23:46:25.0800 4156 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys 2011/06/26 23:46:25.0940 4156 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys 2011/06/26 23:46:26.0080 4156 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys 2011/06/26 23:46:26.0205 4156 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys 2011/06/26 23:46:26.0361 4156 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys 2011/06/26 23:46:26.0502 4156 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys 2011/06/26 23:46:26.0658 4156 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys 2011/06/26 23:46:26.0829 4156 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys 2011/06/26 23:46:26.0985 4156 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys 2011/06/26 23:46:27.0126 4156 kbdhid (3d9f0ebf350edcfd6498057301455964) 
C:\windows\system32\DRIVERS\kbdhid.sys 2011/06/26 23:46:27.0266 4156 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys 2011/06/26 23:46:27.0406 4156 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys 2011/06/26 23:46:27.0594 4156 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys 2011/06/26 23:46:27.0796 4156 LPCFilter (6e3d3816749e107883eec5734ce44493) C:\windows\system32\DRIVERS\LPCFilter.sys 2011/06/26 23:46:27.0952 4156 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys 2011/06/26 23:46:28.0077 4156 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys 2011/06/26 23:46:28.0233 4156 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys 2011/06/26 23:46:28.0358 4156 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys 2011/06/26 23:46:28.0514 4156 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys 2011/06/26 23:46:28.0904 4156 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys 2011/06/26 23:46:29.0091 4156 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys 2011/06/26 23:46:29.0232 4156 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys 2011/06/26 23:46:29.0356 4156 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys 2011/06/26 23:46:29.0481 4156 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys 2011/06/26 23:46:29.0622 4156 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys 2011/06/26 23:46:29.0746 4156 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys 2011/06/26 23:46:29.0887 4156 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys 2011/06/26 23:46:30.0027 4156 mpsdrv 
(ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys 2011/06/26 23:46:30.0152 4156 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys 2011/06/26 23:46:30.0277 4156 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys 2011/06/26 23:46:30.0433 4156 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\windows\system32\DRIVERS\mrxsmb10.sys 2011/06/26 23:46:30.0558 4156 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys 2011/06/26 23:46:30.0667 4156 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys 2011/06/26 23:46:30.0776 4156 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys 2011/06/26 23:46:30.0948 4156 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys 2011/06/26 23:46:31.0057 4156 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys 2011/06/26 23:46:31.0166 4156 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys 2011/06/26 23:46:31.0291 4156 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys 2011/06/26 23:46:31.0431 4156 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys 2011/06/26 23:46:31.0556 4156 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys 2011/06/26 23:46:31.0696 4156 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys 2011/06/26 23:46:31.0962 4156 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys 2011/06/26 23:46:32.0149 4156 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys 2011/06/26 23:46:32.0320 4156 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys 2011/06/26 23:46:32.0445 4156 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys 2011/06/26 23:46:32.0664 
4156 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys 2011/06/26 23:46:32.0913 4156 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110626.002\NAVENG.SYS 2011/06/26 23:46:33.0194 4156 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110626.002\NAVEX15.SYS 2011/06/26 23:46:33.0475 4156 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys 2011/06/26 23:46:33.0662 4156 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys 2011/06/26 23:46:33.0865 4156 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys 2011/06/26 23:46:34.0021 4156 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys 2011/06/26 23:46:34.0161 4156 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys 2011/06/26 23:46:34.0317 4156 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys 2011/06/26 23:46:34.0458 4156 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys 2011/06/26 23:46:34.0660 4156 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys 2011/06/26 23:46:34.0926 4156 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys 2011/06/26 23:46:35.0160 4156 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys 2011/06/26 23:46:35.0331 4156 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys 2011/06/26 23:46:35.0706 4156 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys 2011/06/26 23:46:35.0862 4156 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys 2011/06/26 23:46:36.0018 4156 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) 
C:\windows\system32\drivers\nvraid.sys 2011/06/26 23:46:36.0189 4156 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys 2011/06/26 23:46:36.0330 4156 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys 2011/06/26 23:46:36.0501 4156 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys 2011/06/26 23:46:36.0704 4156 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys 2011/06/26 23:46:36.0860 4156 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys 2011/06/26 23:46:37.0032 4156 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys 2011/06/26 23:46:37.0156 4156 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys 2011/06/26 23:46:37.0344 4156 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys 2011/06/26 23:46:37.0593 4156 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys 2011/06/26 23:46:37.0718 4156 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 2011/06/26 23:46:37.0983 4156 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 2011/06/26 23:46:38.0233 4156 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 2011/06/26 23:46:38.0560 4156 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys 2011/06/26 23:46:38.0763 4156 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 2011/06/26 23:46:39.0013 4156 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys 2011/06/26 23:46:39.0356 4156 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys 2011/06/26 23:46:39.0481 4156 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 2011/06/26 23:46:39.0621 4156 RasAcd 
(30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 2011/06/26 23:46:39.0746 4156 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 2011/06/26 23:46:39.0918 4156 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 2011/06/26 23:46:40.0105 4156 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 2011/06/26 23:46:40.0245 4156 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys 2011/06/26 23:46:40.0386 4156 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys 2011/06/26 23:46:40.0557 4156 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys 2011/06/26 23:46:40.0760 4156 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys 2011/06/26 23:46:41.0088 4156 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys 2011/06/26 23:46:41.0259 4156 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 2011/06/26 23:46:41.0431 4156 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys 2011/06/26 23:46:41.0618 4156 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys 2011/06/26 23:46:41.0883 4156 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 2011/06/26 23:46:42.0039 4156 RSUSBSTOR (07f66ca7db9608806ca2ef1970daba58) C:\windows\system32\Drivers\RtsUStor.sys 2011/06/26 23:46:42.0211 4156 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys 2011/06/26 23:46:42.0351 4156 RTL8187B (55a367c663e505c92c82560a99685ce2) C:\windows\system32\DRIVERS\RTL8187B.sys 2011/06/26 23:46:42.0695 4156 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys 2011/06/26 23:46:42.0851 4156 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) 
C:\windows\system32\DRIVERS\scfilter.sys 2011/06/26 23:46:43.0022 4156 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 2011/06/26 23:46:43.0163 4156 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys 2011/06/26 23:46:43.0303 4156 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys 2011/06/26 23:46:43.0506 4156 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys 2011/06/26 23:46:43.0662 4156 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys 2011/06/26 23:46:43.0818 4156 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys 2011/06/26 23:46:43.0943 4156 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys 2011/06/26 23:46:44.0083 4156 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys 2011/06/26 23:46:44.0223 4156 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys 2011/06/26 23:46:44.0364 4156 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys 2011/06/26 23:46:44.0489 4156 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys 2011/06/26 23:46:44.0613 4156 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys 2011/06/26 23:46:44.0785 4156 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys 2011/06/26 23:46:44.0972 4156 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\System32\Drivers\sptd.sys 2011/06/26 23:46:45.0144 4156 SRTSP (83726cf02eced69138948083e06b6eac) C:\windows\system32\drivers\NAV\1206000.01D\SRTSP.SYS 2011/06/26 23:46:45.0331 4156 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS 2011/06/26 23:46:45.0456 4156 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys 2011/06/26 23:46:45.0596 4156 srv2 
(414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys 2011/06/26 23:46:45.0721 4156 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys 2011/06/26 23:46:45.0877 4156 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys 2011/06/26 23:46:46.0002 4156 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys 2011/06/26 23:46:46.0189 4156 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS 2011/06/26 23:46:46.0407 4156 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS 2011/06/26 23:46:46.0548 4156 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\windows\system32\Drivers\SYMEVENT.SYS 2011/06/26 23:46:46.0704 4156 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS 2011/06/26 23:46:46.0891 4156 SymNetS (cc71cf163de8b62ccd077e20e909c960) C:\windows\system32\drivers\NAV\1206000.01D\SYMNETS.SYS 2011/06/26 23:46:47.0031 4156 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys 2011/06/26 23:46:47.0219 4156 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\windows\system32\drivers\tcpip.sys 2011/06/26 23:46:47.0390 4156 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\windows\system32\DRIVERS\tcpip.sys 2011/06/26 23:46:47.0531 4156 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys 2011/06/26 23:46:47.0671 4156 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys 2011/06/26 23:46:47.0796 4156 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys 2011/06/26 23:46:47.0905 4156 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys 2011/06/26 23:46:48.0030 4156 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys 2011/06/26 23:46:48.0155 4156 TermDD (c36f41ee20e6999dbf4b0425963268a5) 
C:\windows\system32\DRIVERS\termdd.sys 2011/06/26 23:46:48.0373 4156 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys 2011/06/26 23:46:48.0513 4156 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys 2011/06/26 23:46:48.0669 4156 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys 2011/06/26 23:46:48.0794 4156 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS 2011/06/26 23:46:48.0903 4156 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys 2011/06/26 23:46:49.0028 4156 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys 2011/06/26 23:46:49.0169 4156 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys 2011/06/26 23:46:49.0309 4156 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys 2011/06/26 23:46:49.0434 4156 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys 2011/06/26 23:46:49.0559 4156 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\drivers\usbccgp.sys 2011/06/26 23:46:49.0777 4156 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys 2011/06/26 23:46:49.0886 4156 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\DRIVERS\usbehci.sys 2011/06/26 23:46:50.0027 4156 usbhub (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys 2011/06/26 23:46:50.0136 4156 usbohci (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys 2011/06/26 23:46:50.0261 4156 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys 2011/06/26 23:46:50.0432 4156 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\drivers\USBSTOR.SYS 2011/06/26 23:46:50.0573 4156 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\DRIVERS\usbuhci.sys 2011/06/26 23:46:50.0713 4156 vdrvroot 
(a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys 2011/06/26 23:46:50.0838 4156 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys 2011/06/26 23:46:50.0963 4156 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys 2011/06/26 23:46:51.0087 4156 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys 2011/06/26 23:46:51.0228 4156 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys 2011/06/26 23:46:51.0353 4156 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys 2011/06/26 23:46:51.0477 4156 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys 2011/06/26 23:46:51.0587 4156 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys 2011/06/26 23:46:51.0711 4156 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys 2011/06/26 23:46:51.0836 4156 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys 2011/06/26 23:46:51.0992 4156 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys 2011/06/26 23:46:52.0117 4156 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\System32\drivers\vwifibus.sys 2011/06/26 23:46:52.0257 4156 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys 2011/06/26 23:46:52.0413 4156 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys 2011/06/26 23:46:52.0538 4156 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys 2011/06/26 23:46:52.0569 4156 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys 2011/06/26 23:46:52.0741 4156 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys 2011/06/26 23:46:52.0881 4156 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys 2011/06/26 23:46:53.0069 4156 
WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys 2011/06/26 23:46:53.0193 4156 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys 2011/06/26 23:46:53.0412 4156 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys 2011/06/26 23:46:53.0583 4156 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys 2011/06/26 23:46:53.0739 4156 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys 2011/06/26 23:46:53.0864 4156 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys 2011/06/26 23:46:53.0958 4156 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0 2011/06/26 23:46:53.0973 4156 ================================================================================ 2011/06/26 23:46:53.0973 4156 Scan finished 2011/06/26 23:46:53.0973 4156 ================================================================================ 2011/06/26 23:46:54.0005 4140 Detected object count: 0 2011/06/26 23:46:54.0005 4140 Actual detected object count: 0
  4. ComboFix 11-06-26.01 - Joe 06/26/2011 23:09:49.6.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1196 [GMT -7:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
Command switches used :: c:\users\Joe\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
--------------- FCopy ---------------
.
c:\users\Joe\Desktop\volsnap.sys --> c:\windows\System32\drivers\volsnap.sys
[2009-07-13 48128] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448] S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-06-01 105592] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936] S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-01 374272] S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}] 2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe . Contents of the 'Scheduled Tasks' folder . 2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc27946295572c.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 20:41] . 2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc279463d1ee30.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 20:41] . . ------- Supplementary Scan ------- . mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1" . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\taskhost.exe c:\windows\system32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conhost.exe c:\windows\system32\igfxsrvc.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\windows\system32\igfxext.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe c:\windows\system32\DllHost.exe c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2011-06-26 23:22:11 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-27 06:22 ComboFix2.txt 2011-06-27 04:52 ComboFix3.txt 2011-06-27 03:32 ComboFix4.txt 2011-06-27 01:56 ComboFix5.txt 2011-06-27 06:08 . Pre-Run: 205,564,944,384 bytes free Post-Run: 205,503,266,816 bytes free . - - End Of File - - D691DA00D11F3E55B06C280D56611C76
  5. Seems to be running well. Doesn't seem to be doing any redirects! What an ordeal!
  6. ComboFix 11-06-26.01 - Joe 06/26/2011 21:44:14.5.1 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1117 [GMT -7:00] Running from: c:\users\Joe\Desktop\ComboFix.exe AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 ))))))))))))))))))))))))))))))) . . 2011-06-27 04:49 . 2011-06-27 04:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-26 20:46 . 2011-01-17 17:50 333176 ----a-w- c:\windows\Listdlls.exe 2011-06-26 20:46 . 2011-05-17 19:48 423288 ----a-w- c:\windows\handle.exe 2011-06-17 03:12 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-13 04:20 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll 2011-06-13 04:20 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll 2011-06-13 04:20 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-06-13 04:12 . 2011-06-13 04:12 -------- d-----w- c:\windows\en 2011-06-13 04:09 . 2009-09-05 00:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2011-06-13 04:09 . 2009-09-05 00:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2011-06-13 04:09 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2011-06-13 04:09 . 2011-06-13 04:09 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\a6667f951cc297f2b\InstallManager_WLE_WLE.exe 2011-06-13 04:08 . 2011-06-13 04:08 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\9b525dc01cc297f20\MeshBetaRemover.exe 2011-06-13 04:08 . 2011-06-13 04:08 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\DSETUP.dll 2011-06-13 04:08 . 
2011-06-13 04:08 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\DXSETUP.exe 2011-06-13 04:08 . 2011-06-13 04:08 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\dsetup32.dll 2011-06-13 04:08 . 2011-06-13 04:08 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\DSETUP.dll 2011-06-13 04:08 . 2011-06-13 04:08 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\DXSETUP.exe 2011-06-13 04:08 . 2011-06-13 04:08 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\dsetup32.dll 2011-06-13 04:07 . 2011-06-26 19:18 -------- d-----w- c:\users\Joe\AppData\Local\Windows Live 2011-06-12 07:55 . 2011-06-12 07:55 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes 2011-06-12 07:55 . 2011-06-12 07:55 -------- d-----w- c:\programdata\Malwarebytes 2011-06-12 07:55 . 2011-06-17 03:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-10 17:46 . 2011-06-13 05:27 -------- d-----w- c:\users\Joe\AppData\Local\NPE 2011-06-10 17:30 . 2011-06-23 07:03 -------- d-----w- c:\users\Joe\AppData\Local\Diagnostics 2011-06-10 17:23 . 2011-06-17 07:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-01 02:36 . 2011-06-01 02:38 -------- d-----w- c:\program files\Common Files\Symantec Shared 2011-06-01 02:36 . 2011-06-01 02:36 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2011-06-01 02:36 . 2011-06-01 02:36 -------- d-----w- c:\program files\Symantec 2011-06-01 02:35 . 2011-06-01 02:36 -------- d-----w- c:\windows\system32\drivers\NAV 2011-06-01 02:35 . 2011-06-01 02:35 -------- d-----w- c:\program files\Norton AntiVirus 2011-06-01 02:23 . 2011-06-01 02:41 -------- d-----w- c:\program files\NortonInstaller . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-27 04:10 . 
2009-07-13 23:11 295808 ----a-w- c:\windows\system32\drivers\volsnap.sys 2011-06-13 04:10 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-05-09 20:46 . 2011-05-27 20:15 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E61626E-1B97-4281-AC50-341E30FF6E65}\mpengine.dll 2011-04-22 19:36 . 2011-05-27 20:15 26496 ---ha-w- c:\windows\system32\drivers\Diskdump.sys 2011-04-09 06:13 . 2011-05-11 21:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:13 . 2011-05-11 21:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 05:56 . 2011-05-19 19:02 123904 ----a-w- c:\windows\system32\poqexec.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 151064] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616] "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672] "NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-23 691696] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS [2011-01-27 340088] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS [2011-03-15 744568] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [2011-05-19 810616] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSvix86.sys [2011-06-03 367736] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS [2011-01-27 136312] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAV\1206000.01D\SYMNETS.SYS [2011-03-22 296568] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 cfWiMAXService;ConfigFree WiMAX 
Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448] S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-06-01 105592] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936] S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-01 374272] S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}] 2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe . Contents of the 'Scheduled Tasks' folder . 2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc27946295572c.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 20:41] . 2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc279463d1ee30.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 20:41] . . ------- Supplementary Scan ------- . mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(6060) c:\program files\Microsoft Office\OFFICE11\msohev.dll . Completion time: 2011-06-26 21:52:45 ComboFix-quarantined-files.txt 2011-06-27 04:52 ComboFix2.txt 2011-06-27 03:32 ComboFix3.txt 2011-06-27 01:56 ComboFix4.txt 2011-06-26 19:00 . Pre-Run: 206,395,535,360 bytes free Post-Run: 206,351,454,208 bytes free . - - End Of File - - 4295AAAD9879B2C6E56590AF5117015E
  7. I'm using explorer only. It happens with any search engine results. I can navigate directly to a web site if I know the exact address. ComboFix 11-06-26.01 - Joe 06/26/2011 20:21:03.3.1 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1174 [GMT -7:00] Running from: c:\users\Joe\Desktop\ComboFix.exe Command switches used :: c:\users\Joe\Desktop\CFScript.txt.txt AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Joe\volsnap.sys . . ((((((((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 ))))))))))))))))))))))))))))))) . . 2011-06-27 03:27 . 2011-06-27 03:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-26 20:46 . 2011-01-17 17:50 333176 ----a-w- c:\windows\Listdlls.exe 2011-06-26 20:46 . 2011-05-17 19:48 423288 ----a-w- c:\windows\handle.exe 2011-06-17 03:12 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-13 04:20 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll 2011-06-13 04:20 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll 2011-06-13 04:20 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-06-13 04:12 . 2011-06-13 04:12 -------- d-----w- c:\windows\en 2011-06-13 04:09 . 2009-09-05 00:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2011-06-13 04:09 . 2009-09-05 00:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2011-06-13 04:09 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2011-06-13 04:09 . 2011-06-13 04:09 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\a6667f951cc297f2b\InstallManager_WLE_WLE.exe 2011-06-13 04:08 . 
2011-06-13 04:08 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\9b525dc01cc297f20\MeshBetaRemover.exe 2011-06-13 04:08 . 2011-06-13 04:08 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\DSETUP.dll 2011-06-13 04:08 . 2011-06-13 04:08 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\DXSETUP.exe 2011-06-13 04:08 . 2011-06-13 04:08 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\dsetup32.dll 2011-06-13 04:08 . 2011-06-13 04:08 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\DSETUP.dll 2011-06-13 04:08 . 2011-06-13 04:08 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\DXSETUP.exe 2011-06-13 04:08 . 2011-06-13 04:08 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\dsetup32.dll 2011-06-13 04:07 . 2011-06-26 19:18 -------- d-----w- c:\users\Joe\AppData\Local\Windows Live 2011-06-12 07:55 . 2011-06-12 07:55 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes 2011-06-12 07:55 . 2011-06-12 07:55 -------- d-----w- c:\programdata\Malwarebytes 2011-06-12 07:55 . 2011-06-17 03:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-10 17:46 . 2011-06-13 05:27 -------- d-----w- c:\users\Joe\AppData\Local\NPE 2011-06-10 17:30 . 2011-06-23 07:03 -------- d-----w- c:\users\Joe\AppData\Local\Diagnostics 2011-06-10 17:23 . 2011-06-17 07:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-01 02:36 . 2011-06-01 02:38 -------- d-----w- c:\program files\Common Files\Symantec Shared 2011-06-01 02:36 . 2011-06-01 02:36 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2011-06-01 02:36 . 2011-06-01 02:36 -------- d-----w- c:\program files\Symantec 2011-06-01 02:35 . 2011-06-01 02:36 -------- d-----w- c:\windows\system32\drivers\NAV 2011-06-01 02:35 . 
2011-06-01 02:35 -------- d-----w- c:\program files\Norton AntiVirus 2011-06-01 02:23 . 2011-06-01 02:41 -------- d-----w- c:\program files\NortonInstaller . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-13 04:10 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-05-09 20:46 . 2011-05-27 20:15 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E61626E-1B97-4281-AC50-341E30FF6E65}\mpengine.dll 2011-04-22 19:36 . 2011-05-27 20:15 26496 ---ha-w- c:\windows\system32\drivers\Diskdump.sys 2011-04-09 06:13 . 2011-05-11 21:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:13 . 2011-05-11 21:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 05:56 . 2011-05-19 19:02 123904 ----a-w- c:\windows\system32\poqexec.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 151064] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616] "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672] "NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-23 691696] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS [2011-01-27 340088] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS [2011-03-15 744568] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [2011-05-19 810616] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSvix86.sys [2011-06-03 367736] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS [2011-01-27 136312] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAV\1206000.01D\SYMNETS.SYS [2011-03-22 296568] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 cfWiMAXService;ConfigFree WiMAX 
Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448] S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-06-01 105592] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936] S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-01 374272] S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}] 2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe . Contents of the 'Scheduled Tasks' folder . 2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc27946295572c.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 20:41] . 2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc279463d1ee30.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 20:41] . . ------- Supplementary Scan ------- . mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(992) c:\program files\Microsoft Office\OFFICE11\msohev.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\taskhost.exe c:\program files\Internet Explorer\iexplore.exe c:\windows\system32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conhost.exe c:\program files\Internet Explorer\iexplore.exe c:\windows\system32\igfxsrvc.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\windows\system32\igfxext.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe c:\windows\system32\DllHost.exe c:\windows\system32\sppsvc.exe c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe . ************************************************************************** . Completion time: 2011-06-26 20:32:25 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-27 03:32 ComboFix2.txt 2011-06-27 01:56 ComboFix3.txt 2011-06-26 19:00 . Pre-Run: 206,187,806,720 bytes free Post-Run: 206,319,882,240 bytes free . - - End Of File - - 6723CDF18559D0BFD39D99D383CA282B
  8. ComboFix 11-06-26.01 - Joe 06/26/2011 18:44:13.2.1 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.994 [GMT -7:00] Running from: c:\users\Joe\Desktop\ComboFix.exe Command switches used :: c:\users\Joe\Desktop\CFScript.txt.txt AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys --> c:\windows\System32\drivers\volsnap.sys . ((((((((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 ))))))))))))))))))))))))))))))) . . 2011-06-27 01:50 . 2011-06-27 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-26 20:46 . 2011-01-17 17:50 333176 ----a-w- c:\windows\Listdlls.exe 2011-06-26 20:46 . 2011-05-17 19:48 423288 ----a-w- c:\windows\handle.exe 2011-06-17 03:12 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-13 04:20 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll 2011-06-13 04:20 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll 2011-06-13 04:20 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-06-13 04:12 . 2011-06-13 04:12 -------- d-----w- c:\windows\en 2011-06-13 04:09 . 2009-09-05 00:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2011-06-13 04:09 . 2009-09-05 00:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2011-06-13 04:09 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2011-06-13 04:09 . 2011-06-13 04:09 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\a6667f951cc297f2b\InstallManager_WLE_WLE.exe 2011-06-13 04:08 . 
2011-06-13 04:08 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\9b525dc01cc297f20\MeshBetaRemover.exe 2011-06-13 04:08 . 2011-06-13 04:08 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\DSETUP.dll 2011-06-13 04:08 . 2011-06-13 04:08 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\DXSETUP.exe 2011-06-13 04:08 . 2011-06-13 04:08 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\dsetup32.dll 2011-06-13 04:08 . 2011-06-13 04:08 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\DSETUP.dll 2011-06-13 04:08 . 2011-06-13 04:08 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\DXSETUP.exe 2011-06-13 04:08 . 2011-06-13 04:08 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\dsetup32.dll 2011-06-13 04:07 . 2011-06-26 19:18 -------- d-----w- c:\users\Joe\AppData\Local\Windows Live 2011-06-12 07:55 . 2011-06-12 07:55 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes 2011-06-12 07:55 . 2011-06-12 07:55 -------- d-----w- c:\programdata\Malwarebytes 2011-06-12 07:55 . 2011-06-17 03:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-10 17:46 . 2011-06-13 05:27 -------- d-----w- c:\users\Joe\AppData\Local\NPE 2011-06-10 17:30 . 2011-06-23 07:03 -------- d-----w- c:\users\Joe\AppData\Local\Diagnostics 2011-06-10 17:23 . 2011-06-17 07:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-01 02:36 . 2011-06-01 02:38 -------- d-----w- c:\program files\Common Files\Symantec Shared 2011-06-01 02:36 . 2011-06-01 02:36 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2011-06-01 02:36 . 2011-06-01 02:36 -------- d-----w- c:\program files\Symantec 2011-06-01 02:35 . 2011-06-01 02:36 -------- d-----w- c:\windows\system32\drivers\NAV 2011-06-01 02:35 . 
2011-06-01 02:35 -------- d-----w- c:\program files\Norton AntiVirus 2011-06-01 02:23 . 2011-06-01 02:41 -------- d-----w- c:\program files\NortonInstaller . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-13 04:10 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-05-09 20:46 . 2011-05-27 20:15 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E61626E-1B97-4281-AC50-341E30FF6E65}\mpengine.dll 2011-04-22 19:36 . 2011-05-27 20:15 26496 ---ha-w- c:\windows\system32\drivers\Diskdump.sys 2011-04-09 06:13 . 2011-05-11 21:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:13 . 2011-05-11 21:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 05:56 . 2011-05-19 19:02 123904 ----a-w- c:\windows\system32\poqexec.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 151064] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616] "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672] "NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-23 691696] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS [2011-01-27 340088] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS [2011-03-15 744568] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [2011-05-19 810616] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSvix86.sys [2011-06-03 367736] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS [2011-01-27 136312] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAV\1206000.01D\SYMNETS.SYS [2011-03-22 296568] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 cfWiMAXService;ConfigFree WiMAX 
Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448] S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-06-01 105592] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936] S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-01 374272] S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}] 2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe . Contents of the 'Scheduled Tasks' folder . 2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc27946295572c.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 20:41] . 2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc279463d1ee30.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 20:41] . . ------- Supplementary Scan ------- . mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(4184) c:\program files\Microsoft Office\OFFICE11\msohev.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\taskhost.exe c:\windows\system32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Internet Explorer\iexplore.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conhost.exe c:\program files\Internet Explorer\iexplore.exe c:\windows\system32\igfxsrvc.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\windows\system32\igfxext.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe c:\windows\system32\DllHost.exe c:\windows\system32\sppsvc.exe c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe . ************************************************************************** . Completion time: 2011-06-26 18:56:29 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-27 01:56 ComboFix2.txt 2011-06-26 19:00 . Pre-Run: 206,352,523,264 bytes free Post-Run: 206,393,671,680 bytes free . - - End Of File - - 12ED9447AD9D0C56F8F66F5699A69577
  9. SystemLook 04.09.10 by jpshortstuff Log created at 18:20 on 26/06/2011 by Joe Administrator - Elevation successful ========== filefind ========== Searching for "volsnap.sys" C:\Windows\System32\drivers\volsnap.sys --a---- 245328 bytes [23:11 13/07/2009] [01:19 14/07/2009] 58DF9D2481A56EDDE167E51B334D44FD C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys --a---- 245328 bytes [23:11 13/07/2009] [01:19 14/07/2009] 58DF9D2481A56EDDE167E51B334D44FD C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys --a---- 245328 bytes [23:11 13/07/2009] [01:19 14/07/2009] 58DF9D2481A56EDDE167E51B334D44FD -= EOF =-
  10. RkU Version: 3.8.389.593, Type LE (SR2) ============================================== OS Name: Windows 7 Version 6.1.7600 Number of processors #1 ============================================== >Drivers ============================================== 0x96631000 C:\windows\system32\DRIVERS\igdkmd32.sys 6430720 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver) 0x82C11000 C:\windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System) 0x82C11000 PnpManager 4259840 bytes 0x82C11000 RAW 4259840 bytes 0x82C11000 WMIxWDM 4259840 bytes 0x81E05000 C:\windows\system32\drivers\RTKVHDA.sys 2736128 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver) 0x82650000 Win32k 2404352 bytes 0x82650000 C:\windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver) 0x8E64A000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110626.002\NAVEX15.SYS 1536000 bytes (Symantec Corporation, AV Engine) 0x8901B000 C:\windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver) 0x88E04000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver) 0x82100000 C:\windows\System32\Drivers\dump_iaStor.sys 892928 bytes 0x88A1B000 C:\windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32) 0x93B23000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys 827392 bytes (Symantec Corporation, BASH Driver) 0x88C18000 C:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS 765952 bytes (Symantec Corporation, Symantec Extended File Attributes) 0x96C53000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel) 0x88CD3000 C:\windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver) 0x832F2000 
C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module) 0x98F58000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver) 0x89352000 C:\windows\system32\drivers\NAV\1206000.01D\SRTSP.SYS 548864 bytes (Symantec Corporation, Symantec AutoProtect) 0x98E17000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack) 0x8321F000 C:\windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library) 0x88807000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime) 0x8923B000 C:\windows\system32\DRIVERS\RTL8187B.sys 413696 bytes (Realtek Semiconductor Corporation , Realtek RTL8187B NDIS Driver) 0x93A75000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver) 0x88F71000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation) 0x93A18000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSvix86.sys 380928 bytes (Symantec Corporation, IDS Core Driver) 0x90E16000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0x88B68000 C:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS 356352 bytes (Symantec Corporation, Symantec Data Store) 0xAF45B000 C:\windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver) 0xAF40C000 C:\windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver) 0x90F0A000 C:\windows\system32\drivers\NAV\1206000.01D\SYMNETS.SYS 323584 bytes (Symantec Corporation, Network Security Driver) 0x96D4E000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port 
Driver) 0x88955000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver) 0x88886000 C:\windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT) 0x833A6000 C:\windows\system32\DRIVERS\tos_sps32.sys 290816 bytes (TOSHIBA Corporation, tos_sps32) 0x892A0000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver) 0x98388000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB) 0x832B0000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver) 0x90F59000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0x89195000 C:\windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver) 0x88D8A000 C:\windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem) 0x98EEA000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr) 0x96D0A000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS) 0x83021000 ACPI_HAL 225280 bytes 0x83021000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0x88B34000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0x98346000 C:\windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library) 0x9823C000 C:\windows\system32\DRIVERS\SynTP.sys 208896 bytes (Synaptics Incorporated, Synaptics Touchpad Driver) 0x889CB000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver) 0x90E70000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver) 0x89164000 
C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API) 0x820A1000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0x88BD0000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver) 0x96DC7000 C:\windows\system32\DRIVERS\Rt86win7.sys 180224 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver ) 0x88F33000 C:\windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider) 0x888F7000 C:\windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator) 0x8E624000 C:\windows\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library) 0x89216000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll) 0x88DC8000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages) 0x893D8000 C:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS 147456 bytes (Symantec Corporation, Iron Driver) 0x88AFE000 C:\windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension) 0x98EC7000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0x982DC000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0x90FCF000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver) 0x90FAE000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver) 0x8E600000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver) 0x89333000 C:\windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM 
Driver) 0x96DA8000 C:\windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver) 0x90EA9000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler) 0x828E0000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver) 0x93AD3000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver) 0x983DD000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver) 0x98F25000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector) 0x98200000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver) 0x98E9C000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver) 0x820D0000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers) 0x93AFD000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver) 0x96600000 C:\windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver) 0x982B9000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0x982FE000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0x98316000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0x9832D000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager) 0x88C00000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver) 0x889A0000 
C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager) 0x8E7C1000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110626.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine) 0x88F5E000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0x93BED000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6) 0x90EE7000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0x982A7000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager) 0x98288000 C:\windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver) 0x98EB5000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver) 0x89000000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver) 0x821DA000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes 0x88BBF000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver) 0x983CC000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy) 0x88921000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver) 0x83297000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver) 0x90EC8000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver) 0x9821A000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver) 0x891E1000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver) 
0x9822A000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver) 0x90EFA000 C:\windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver) 0x88945000 C:\windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver) 0x96D99000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0x93B15000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver) 0x90ED9000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver) 0x88DED000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver) 0x889BD000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0x88FCE000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver) 0x9837A000 C:\windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator) 0x88878000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader) 0x9829A000 C:\windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator) 0x820F3000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver) 0x96618000 C:\windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver) 0x888EA000 C:\windows\system32\DRIVERS\LPCFilter.sys 53248 bytes (COMPAL ELECTRONIC INC., LPCFilter) 0x98271000 C:\windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver) 0x98E00000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver) 0x8E7EF000 C:\windows\System32\drivers\watchdog.sys 53248 bytes 
(Microsoft Corporation, Watchdog Driver) 0x93AF1000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver) 0x8E7E3000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0x8893A000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver) 0x821EB000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver) 0x88FED000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver) 0x982D1000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0x89200000 C:\windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect) 0x88A00000 C:\windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper) 0x96D43000 C:\windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0x888DF000 C:\windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator) 0x820E9000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver) 0x88B21000 C:\windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver) 0x90FA4000 C:\windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver) 0x90F9A000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy) 0x98FEF000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver) 0x9827E000 C:\windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.) 
0x821F6000 C:\windows\System32\drivers\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver) 0x88B2B000 C:\windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver) 0x88AF5000 C:\windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver) 0xAF517000 C:\windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver) 0x88FDC000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver) 0x828B0000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver) 0x888CE000 C:\windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0x832A8000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver) 0x88932000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver) 0x891F1000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver) 0x80BC3000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger) 0x888D7000 C:\windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver) 0x8920B000 C:\windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x89011000 C:\windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport) 0x88FE5000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport) 0x891D9000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor) 0x8E7DC000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver) 0x8E7D5000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver) 0x889B6000 C:\windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft 
Corporation, Generic PCI IDE Bus Driver) 0x90EA2000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver) 0x891D4000 C:\windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) 0x96DF3000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver) 0x98344000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0x9826F000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) ============================================== >Stealth ============================================== 0x86722A91 Unknown page with executable code, 1391 bytes 0x89195000 WARNING: Virus alike driver modification [volsnap.sys], 258048 bytes 0x86721288 Unknown page with executable code, 3448 bytes 0x86723191 Unknown page with executable code, 3695 bytes 0x86725E7A Unknown thread object [ ETHREAD 0x86A4E7F0 ] TID: 308, 600 bytes 0x86728008 Unknown thread object [ ETHREAD 0x86A51020 ] TID: 312, 600 bytes 0x86727CDC Unknown page with executable code, 804 bytes ============================================== >Files ============================================== ============================================== >Hooks ============================================== [3256]iexplore.exe-->kernel32.dll+0x000385A2, Type: Inline - RelativeJump 0x775A85A2-->02A60266 [unknown_code_page] [3256]iexplore.exe-->kernel32.dll+0x0005060F, Type: Inline - RelativeJump 0x775C060F-->02A6031C [unknown_code_page] [3256]iexplore.exe-->kernel32.dll+0x00052A52, Type: Inline - RelativeJump 0x775C2A52-->02A60488 [unknown_code_page] [3256]iexplore.exe-->kernel32.dll+0x000685BC, Type: Inline - RelativeJump 0x775D85BC-->02A601B0 [unknown_code_page] [3256]iexplore.exe-->kernel32.dll-->HeapCreate, Type: Inline - RelativeJump 
0x775C2A57-->775C2A52 [kernel32.dll] [3256]iexplore.exe-->kernel32.dll-->SetProcessDEPPolicy, Type: Inline - RelativeJump 0x775A85A7-->775A85A2 [kernel32.dll] [3256]iexplore.exe-->kernel32.dll-->TerminateProcess, Type: Inline - RelativeJump 0x775B50A6-->02A603D2 [unknown_code_page] [3256]iexplore.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x775C0614-->775C060F [kernel32.dll] [3256]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x775B50AB-->775B50A6 [kernel32.dll] [3256]iexplore.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x775D85C1-->775D85BC [kernel32.dll] [3256]iexplore.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x77D84ED0-->02A6003A [unknown_code_page] [3256]iexplore.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77D85920-->02A600F7 [unknown_code_page] [3256]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7798CC8F-->70959D94 [ieframe.dll] [3256]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77990E51-->70968197 [ieframe.dll] [3256]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x779CD29C-->70A8FF3B [ieframe.dll] [3256]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x779B4AA7-->70A8FED8 [ieframe.dll] [3256]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x779CCF6A-->70A8FE75 [ieframe.dll] [3256]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x779B564A-->70884BA7 [ieframe.dll] [3256]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x779DEA29-->70A8FD3D [ieframe.dll] [3256]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x779DEA4D-->70A8FCDB [ieframe.dll] [3256]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x779DE8C9-->70A8FE0A [ieframe.dll] [3256]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: 
Inline - RelativeJump 0x779DE9C3-->70A8FD9F [ieframe.dll]
[3256]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7799210A-->7091463B [ieframe.dll]
[3256]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7798CC7B-->709783A2 [ieframe.dll]
[3256]iexplore.exe-->wininet.dll-->HttpAddRequestHeadersA, Type: Inline - RelativeJump 0x77669ABA-->00586A90 [unknown_code_page]
[3256]iexplore.exe-->wininet.dll-->HttpAddRequestHeadersW, Type: Inline - RelativeJump 0x77670848-->00586C90 [unknown_code_page]
[3256]iexplore.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76623BED-->0068000A [unknown_code_page]
[3256]iexplore.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x766248BE-->0067000A [unknown_code_page]
[3256]iexplore.exe-->ws2_32.dll-->getaddrinfo, Type: Inline - RelativeJump 0x76626737-->0176000A [unknown_code_page]
[3256]iexplore.exe-->ws2_32.dll-->gethostbyname, Type: Inline - RelativeJump 0x76637133-->0175000A [unknown_code_page]
[3256]iexplore.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x766247DF-->0066000A [unknown_code_page]
[3256]iexplore.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x7662C4C8-->0069000A [unknown_code_page]
[740]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77990E51-->70968197 [ieframe.dll]
[740]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x779CD29C-->70A8FF3B [ieframe.dll]
[740]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x779B4AA7-->70A8FED8 [ieframe.dll]
[740]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x779CCF6A-->70A8FE75 [ieframe.dll]
[740]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x779B564A-->70884BA7 [ieframe.dll]
[740]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x779DEA29-->70A8FD3D [ieframe.dll]
[740]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x779DEA4D-->70A8FCDB [ieframe.dll]
[740]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x779DE8C9-->70A8FE0A [ieframe.dll]
[740]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x779DE9C3-->70A8FD9F [ieframe.dll]
[740]iexplore.exe-->wininet.dll-->HttpAddRequestHeadersA, Type: Inline - RelativeJump 0x77669ABA-->00196A90 [unknown_code_page]
[740]iexplore.exe-->wininet.dll-->HttpAddRequestHeadersW, Type: Inline - RelativeJump 0x77670848-->00196C90 [unknown_code_page]
[740]iexplore.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76623BED-->0067000A [unknown_code_page]
[740]iexplore.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x766248BE-->0066000A [unknown_code_page]
[740]iexplore.exe-->ws2_32.dll-->getaddrinfo, Type: Inline - RelativeJump 0x76626737-->006A000A [unknown_code_page]
[740]iexplore.exe-->ws2_32.dll-->gethostbyname, Type: Inline - RelativeJump 0x76637133-->0069000A [unknown_code_page]
[740]iexplore.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x766247DF-->0065000A [unknown_code_page]
[740]iexplore.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x7662C4C8-->0068000A [unknown_code_page]
  11. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
Rkill was run on 06/26/2011 at 16:43:37.
Operating System: Windows 7 Home Premium
Processes terminated by Rkill or while it was running:
Rkill completed on 06/26/2011 at 16:43:54.
Rkill completed on 06/26/2011 at 16:44:02.
Still not able to run TDSSKiller.exe
  12. aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-26 13:53:09
-----------------------------
13:53:09.766 OS Version: Windows 6.1.7600
13:53:09.766 Number of processors: 1 586 0x170A
13:53:09.766 ComputerName: JOE-PC UserName: Joe
13:53:11.373 Initialize success
13:56:22.545 AVAST engine defs: 11062601
13:59:39.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:59:39.015 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
13:59:39.030 Disk 0 MBR read successfully
13:59:39.030 Disk 0 MBR scan
13:59:39.030 Disk 0 unknown MBR code
13:59:39.046 Disk 0 scanning sectors +488396800
13:59:39.077 Disk 0 scanning C:\windows\system32\drivers
13:59:48.259 Service scanning
13:59:49.138 Disk 0 trace - called modules:
13:59:49.161 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x867241ed]<<
13:59:49.161 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866f8030]
13:59:49.171 3 CLASSPNP.SYS[8924e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x858da028]
13:59:49.171 \Driver\iaStor[0x858f8548] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x867241ed
13:59:50.557 AVAST engine scan C:\windows
14:01:39.036 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"
14:01:39.052 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"
14:17:07.514 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"
14:17:07.536 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"
MBR.zip